CVE-2014-4115

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2

Description The issue exists due to the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. This allows an attacker to execute arbitrary code with elevated privileges by connecting a crafted USB device. The vulnerability can be exploited by physically proximate attackers.

Recommendations For Microsoft Windows Server 2003 SP2, update the FASTFAT driver to a patched version. For Microsoft Windows Vista SP2, update the FASTFAT driver to a patched version. For Microsoft Windows Server 2008 SP2, update the FASTFAT driver to a patched version. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.