[glitchc]

I think the OP's point is that any malicious code residing in the USB driver has access to a much larger attack surface in kernel space than the UI app running in userspace.

If I were attacking the system along this vector, my exploit would sit in the USB driver, not the UI code.

[gsibble]

Same. Was wondering when the conversation would get around to this.

You could take advantage of being SYSTEM much earlier along this cycle and still take control of the computer. This is actually a very nasty bug in how arbitrary code can be run at SYSTEM level when inserting a usb device.

[Dylan16807]

This isn't about malicious code in the drivers.

And once malicious code is in kernel space it wouldn't even need access to an attack surface.