…“The vulnerable driver ships with every version of Windows, up to and including Server 2025,” Adam Barnett, lead software engineer at Rapid7, said. “Maybe your fax modem uses a different chipset, and so you don’t need the Agere driver? Perhaps you’ve simply discovered email? Tough luck. Your PC is still vulnerable, and a local attacker with a minimally privileged account can elevate to administrator.”…
The attacker had to already be logged in to the machine for this exploit.
Thanks for clarifying, guess you meant “required physical access to the machine AND being logged in.” then which makes a huge difference.