

MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege - dnlongen
https://technet.microsoft.com/en-us/library/security/MS15-085

======
dnlongen
So, plugging in a malicious USB storage device can not only execute malicious
code, but can do it with elevated privileges.

Can it be done on a locked PC or must a user be actively logged in? I presume
the former, as I don't believe the mounting process requires the PC to be
unlocked.

