1 comment

[ 5.3 ms ] story [ 15.0 ms ] thread
So, plugging in a malicious USB storage device can not only execute malicious code, but can do it with elevated privileges.

Can it be done on a locked PC or must a user be actively logged in? I presume the former, as I don't believe the mounting process requires the PC to be unlocked.