…“The vulnerable driver ships with every version of Windows, up to and including Server 2025,” Adam Barnett, lead software engineer at Rapid7, said. “Maybe your fax modem uses a different chipset, and so you don’t need the Agere driver? Perhaps you’ve simply discovered email? Tough luck. Your PC is still vulnerable, and a local attacker with a minimally privileged account can elevate to administrator.”…
Fixed and required physical access to the machine. If someone malicious has physical access to your machine you’re already done.
Does it mean you don’t think login password with physical token with disk encryption work?
The attacker had to already be logged in to the machine for this exploit.
Thanks for clarifying, guess you meant “required physical access to the machine AND being logged in.” then which makes a huge difference.