Security News > 2021 > December > 27 flaws in USB over network SDK affect millions of cloud users
Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device.
This necessity also increased cloud providers utilizing Eltima's SDK that allow employees to mount local USB mass storage devices for use on their cloud-based virtual desktops.
As cloud desktop providers, including Amazon Workspaces, rely on tools like Eltima, SentinelOne warned that millions of users worldwide have become exposed to the discovered vulnerabilities.
The implications of exploiting the flaws are significant as they could allow remote threat actors to gain elevated access on a cloud desktop to run code in kernel mode.
These vulnerabilities have been responsibly disclosed to Eltima, who has already released fixes for affected versions.
Amazon AppStream client version below: 1.1.304, 2021/08/02.