Users are being informed to configure a Windows Registry to prevent the automatic installation of files when connecting a USB to their device.
The update became necessary after researchers revealed how simply plugging a device into Windows could lead to the installation of a vendor application that allowed unknown users to gain SYSTEM privileges.
The flaw was originally found in apps known as “co-installers,” although researchers have also discovered other devices that allow local privilege escalation, including SteelSeries devices.
The problem is caused by Window’s Plug-and-Play feature, and can be solved by the following steps:
- <li>Navigate to ‘HKEY_LOCAL_MACHINE'</li><li>Navigate to SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer'</li><li>Set the Registry key under the DWORD-32 value named ‘DisableCoInstallers’ to one.</li>
For more information, read the original story in Bleeping Computer.