Responsible Disclosure – Security Vulnerability in Accops USB Redirection Driver
- Accops
- December 7, 2021
- 4:00 pm

Overview
A local privilege escalation vulnerability in Accops products for Windows OS was recently discovered and responsibly disclosed to Accops. It was reported by SentinelOne, which is a reputed global cybersecurity company. The vulnerability has been fixed in Accops products.
The vulnerability affects customers who use Accops Virtual Desktop products only, more specifically described below.
The remediation prevented local users from executing arbitrary code with administrator privileges. There is no evidence that the vulnerability has been exploited and to our knowledge, no customer is impacted.
Applies to the following Accops product(s) and version(s)
• Accops HyWorks Client version 3.2.8.180 or prior, for Windows with built-in USB redirection
• Accops HyWorks DVM Tools version 3.3.1.102 or prior, for Windows 7/8/10 based Virtual Desktops
Detection & remediation
• The HyWorks Client endpoint can be checked for any affect due to the vulnerability and fixed, if needed, by
running a utility provided by Accops
• The fix is included in HyWorks Client version 3.2.8.200, released August 21, 2021
• The fix is included in HyWorks DVM Tools version 3.3.1.105, released as part of HyWorks version 3.3 – R3 on
October 14, 2021
Detailed remediation document
We have published a detailed document providing steps to remediate the vulnerability.
Vulnerability CVE IDs given below
CVE-2021-42688 | An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
CVE-2021-42687 | A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
CVE-2021-42686 | An Integer Overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
CVE-2021-42685 | An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 . The IOCTL Handler 0x22005B in the Accops HyWorks DVM Tools prior to v3.3.1.105 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
CVE-2021-42683 | A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
CVE-2021-42682 | An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
CVE-2021-42681 | A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
Search results for “Accops” at the official CVE website.
You may also like

The Ultimate Guide to Desktop Virtualization
In India, nearly 30,000 micro-enterprises are transitioning into small businesses, intensifying competition. To stand out, embracing the right technology is paramount. Enter desktop virtualization—a game-changer

A Guide to On-Demand Secure Remote Access
Recent reports indicate that in 2023, 28.2% of employees have adopted a hybrid work model. Many companies find that offering full-time remote career opportunities or

Navigating the Future with ZTNA: Adapting to Ever-Evolving Cybersecurity Threats
In today’s digital landscape, cyberattacks are on the rise, with around 64% of companies globally experiencing some form of attack. The increasing digitization of businesses