CVE-2015-1769
CVE-2015-1769
In short
Windows Mount Manager doesn't properly handle symbolic links on USB devices, allowing someone with physical access to a computer to connect a malicious USB drive and run unauthorized code with elevated privileges.
Technical detail
A symbolic link handling vulnerability in Windows Mount Manager allows local attackers with physical device access to escalate privileges by connecting a crafted USB device. The flaw fails to properly validate symlink targets during mount operations, enabling arbitrary code execution in a privileged context without requiring user interaction beyond device connection.
Summary generated and translated by AI from the official description.
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/int0/CVE-2015-1769★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspxhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1769http://www.securitytracker.com/id/1033244