fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How to Block Windows Plug-and-Play Auto-Installing Insecure Apps

How to Block Windows Plug-and-Play Auto-Installing Insecure Apps

A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer.

Last month, researchers detailed how simply plugging in a device in Windows may also install a vendor’s application that allows regular users to quickly gain SYSTEM privileges, the highest user privilege level in Windows.

For example, when users plugged in a Razer USB mouse, Windows would automatically install its driver and the Razer Synapse software.

However, since Windows started the software’s installation using a process with SYSTEM privileges, the Razer Synapse software also ran with SYSTEM privileges.

RazerInstaller.exe running with SYSTEM privileges
RazerInstaller.exe running with SYSTEM privileges

During the Razer Synapse installation, you could specify a different folder to install the program, which would open a ‘Choose a Folder’ dialog.

However, when this dialog is open, it is possible to open a PowerShell console, which would also open with the SYSTEM privileges of the Razer Synapse installer.

For those not familiar with SYSTEM privileges, they are the highest user rights available in Windows and allow you to perform any command in the operating system. 

Also Read: Data Protection Policy: 8 GDPR Compliance Tips

Using these bugs, users with little privileges on a Windows device could easily take complete control over it by simply plugging in a $20 USB mouse.

This vulnerability was discovered in apps known as “co-installers” and, since the first one was spotted, other researchers found more devices that may allow local privilege elevation, including SteelSeries devices.

Blocking Windows driver co-installer applications

When hardware developers submit drivers to Microsoft for distribution through Windows, they can configure device-specific co-installers that will be executed after Windows Plug-and-Play installs the driver.

These co-installers can be used to configure device-specific Registry keys, download and install other applications, or perform other necessary functions for the device to work correctly.

Through the co-installer feature, Razer, Synapse, and other hardware manufacturers can install their configuration utilities when their USB devices are plugged into a computer.

As first discovered by Will Dormann, a vulnerability analyst for CERT/CC, it is possible to configure a Windows Registry value that blocks co-installers from being installed during the Plug-and-Play feature.

To do this, open the Registry Editor and navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer Registry key. Under that key, add a DWORD-32 value named DisableCoInstallers and set it to 1, as shown below.

The DisableCoInstallers Registry value
The DisableCoInstallers Registry value

Once enabled, Windows will block co-installers from being installed when you plug an associated USB device into your computer.

It is important to note that making this change will block a device’s configuration software from automatically being installed. Instead, you will need to download and install it from the vendor’s site manually.

Also Read: Don’t Be Baited! 5 Signs of Phishing in Email

However, the inconvenience is worth the added security received by blocking the installation of potentially exploitable applications during the Windows Plug-and-Play process.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us