Security News > 2021 > September > How to block Windows Plug-and-Play auto-installing insecure apps
A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer.
Last month, researchers detailed how simply plugging in a device in Windows may also install a vendor's application that allows regular users to quickly gain SYSTEM privileges, the highest user privilege level in Windows.
Since Windows started the software's installation using a process with SYSTEM privileges, the Razer Synapse software also ran with SYSTEM privileges.
Using these bugs, users with little privileges on a Windows device could easily take complete control over it by simply plugging in a $20 USB mouse.
As first discovered by Will Dormann, a vulnerability analyst for CERT/CC, it is possible to configure a Windows Registry value that blocks co-installers from being installed during the Plug-and-Play feature.
Once enabled, Windows will block co-installers from being installed when you plug an associated USB device into your computer.