During March Patch Tuesday of 2013, Microsoft released seven new security bulletins, with four rated as critical, and others as Important. Most interesting one was which is rated as “important” because the attack requires physical access to the vulnerable machine. This flaw allows anyone with a USB thumb drive loaded with the payload to bypass security controls and access a vulnerable system even if AutoRun is disabled, and the screen is locked. Windows typically discovers USB devices when they are inserted or when they change power sources.
Source: https://thehackernews.com/2013/03/microsoft-flaw-allows-usb-loaded-with.html