Windows 10 Vulnerability Allows Any User to Become an Admin
In the meantime, Microsoft has a manual workaround you can use to patch the issue.
As discovered by BleepingComputer, a massive security hole has been found in Windows 10 (see how to get Windows 10 for free or cheap) and Windows 11 that allows local account users to access sensitive account information of both local and administrator accounts. This issue extends to the point where local accounts can change passwords of admin accounts, allowing potential attackers full access to the PC.
The problem lies in Microsoft's security rules assigned to the Windows Registry and the Security Account Manager. Both for some reason have reduced restrictions allowing any local user to fully access the files without administrator privileges.
This is even more critical of the Security Account Manager which holds all the account data -- including passwords -- of all users on the PC. Giving local users access to this private information can allow attackers to log into one of the administrator accounts for full control of the PC.
Luckily you can't just access the Windows Registry files at your leisure, as those files are always in use when Windows is running, meaning you can't view the files as Windows is using them.
But the workaround to this "problem", is to access the Windows Shadow Volume which serves as a backup to the Windows Registry and SAM files.
Microsoft is aware of the matter and is tracking it with code CVE-2021-36934, and includes a complete workaround for the issue, which includes restricting access to %windir%\system32\config and deleting any restore points or Shadow volumes that were created before that point, until the hole is plugged with an official security patch.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs, and graphics cards.
USB-C cable CT scan reveals sinister active electronics — O.MG pen testing cable contains a hidden antenna and another die embedded in the microcontroller
Hackers breach Wi-Fi network of U.S. firm from Russia — daisy chain attack jumps from network to network to gain access from thousands of miles away
-
kaalus As long as the current monopoly/duopoly in the desktop operating systems market exists, the atrocious quality of these systems will stay with us.Reply -
helper800
Surely Windows could be better, but to call it's quality "atrocious" is a bit much. If it were so easy to make something better, especially in the user experience department, someone would have made it and sold it as a product by now.kaalus said:As long as the current monopoly/duopoly in the desktop operating systems market exists, the atrocious quality of these systems will stay with us. -
hotaru.hino
Then come up with something better.kaalus said:As long as the current monopoly/duopoly in the desktop operating systems market exists, the atrocious quality of these systems will stay with us. -
lyrx After 25 years of Windows. there's still security issue? Wear a condom. Geezus. The tech people create the problems then want us to call them saviors if the solve a problem. I'm over it. San Jose thinks they have great people, but they are no match for China and Russia when it comes to cyber threats. The U.S. is full of snowflake programmers.Reply -
USAFRet
Name an OS without vulnerabilities.lyrx said:After 25 years of Windows. there's still security issue? Wear a condom. Geezus. The tech people create the problems then want us to call them saviors if the solve a problem. I'm over it. San Jose thinks they have great people, but they are no match for China and Russia when it comes to cyber threats. The U.S. is full of snowflake programmers. -
tazmo8448 The workaround that was mentioned in the article is vague at best on how to go about using it. All they mention is shadow copies so what do we do delete them all?Reply -
helper800
Ahh yes, the "you're a snowflake" remark transitioning directly to tribalism. Please continue, I would like to reference this in my oral arguments class, however, I need just a bit more material.lyrx said:After 25 years of Windows. there's still security issue? Wear a condom. Geezus. The tech people create the problems then want us to call them saviors if the solve a problem. I'm over it. San Jose thinks they have great people, but they are no match for China and Russia when it comes to cyber threats. The U.S. is full of snowflake programmers. -
hotaru.hino
Name me a Chinese or Russian OS that's has zero security issues.lyrx said:After 25 years of Windows. there's still security issue? Wear a condom. Geezus. The tech people create the problems then want us to call them saviors if the solve a problem. I'm over it. San Jose thinks they have great people, but they are no match for China and Russia when it comes to cyber threats. The U.S. is full of snowflake programmers.
Also security doesn't stop at the developer. It continues all the way down to the end user. It doesn't matter how hardened someone makes their OS if the person at the end doesn't update with the latest security patches, clicks on random links from random people, and happily gives their login information to phishers.