by Rastafarian 4983 days ago
Buddy, did you even read the article before commenting??

"andrewaylett:

But it's not an autorun vulnerability, that wouldn't be newsworthy -- the problem is that simply mounting the filesystem exploits bugs in the filesystem driver."

2 comments

@Rastafarian

Did you watch the video before retorting?

In the video he has to run "ntfs_exploit.exe" in order to exploit the vulnerability. That's why a local account, as well as the ability to insert the USB dongle, is needed in order to leverage the exploit. So simply mounting the filesystem is not sufficient to trigger the exploit.

Understood, but to fully _exploit_ the vulnerability one would need to actually execute more code than just triggering the vulnerability, presumably.
You appear to not understand the concepts you are attempting to participate in a discussion about.

To "trigger" the vulnerability is to deliver your exploit code. This USB stick can be inserted into any Windows 7 system and, voilà, you have your rootkit on that machine, without any user interaction required. No running of .exe files anywhere. You could put some pictures on the USB drive for the user to look at while his system is compromised. (Rootkitted, is that a word? Backdoored is.)

In his demo video, he needs to run a specially crafted program to actually achieve privilege escalation. That's why you need both physical access and a local user account.

Social engineering only gets you both if you can autorun the executable upon insertion of the USB stick.

> You appear to not understand the concepts you are attempting to participate in a discussion about.

I would be more demure. This way, it wouldn't look this bad when I'm wrong.