Microsoft has confirmed a newly reported security vulnerability called “Thunderspy” that lies within a vulnerability in its THunderbolt ports. The vulnerability enables an attacker with physical PC access to adjust or change the port’s controller firmware, effectively disabling its security and presenting huge risks for the victim. Last week, consumers were informed that almost all Windows PCs with Thunderbolt ports are vulnerable to the attack.
The new threat allows an attacker to surpass locking or suspending a PC, setting up Secure Boot, using strong system passwords, and enabling encryption, as the hacker would potentially need roughly several minutes alone with the device to compromise it. Although these kinds of attacks are high-risk, sophisticated, and rare, they do occur and therefore it is important that Microsoft users understand the risks involved with the Thunderspy vulnerability.
Read More: Microsoft Confirms Serious New Security Problem For Windows 10 Users