Unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices. The flaw is identified as CVE-2020-9332 and resides in the bus driver for USB for Remote Desktop developed by FabulaTech. The company has an impressive customer list with high-profile organizations from a variety of sectors. A new release of the software containing the software is expected in the near future in June.
Source: https://www.bleepingcomputer.com/news/security/bug-in-usb-for-remote-desktop-lets-hackers-add-fake-devices/