Category: Microsoft|Jul 23, 2021 | Author: Admin

Newly spotted Windows 10 and 11 vulnerability lets any user have admin privileges

Share on

Windows 11 preview testers have discovered an early security bug, one that seems to have carried over from Windows 10. This new Windows 10 and Windows 11 vulnerability creates a path for any local user to gain admin privileges.

As reported by Bleeping Computer, some Windows 10 and Windows 11 registry files are accessible by the ‘Users’ group, allowing anyone to extract the hashed credentials of admin accounts and use them to gain admin privileges.

 

The registry files we are talking about are stored in the C:\Windows\system32\config folder. There you will find the ‘SYSTEM’, ‘SECURITY’, ‘SAM’, ‘DEFAULT’, and ‘SOFTWARE’ files, which contain sensitive information that should not be accessible to low-level accounts. Unfortunately, that’s not the case.

 

To check the file permissions on this file, open the command prompt, and write “icacls C:\Windows\system32\config\’name of the file'”. After pressing enter, the command prompt will show you the file permissions.

 

When Windows is running, these files are in use, meaning unwanted guests won’t be allowed to access it. However, these files may be backed up by Windows shadow volume copies, which are accessible.

 

Microsoft has confirmed the vulnerability and plans to release a fix soon, although a community-generated fix has already been found. To fix the problem yourself, you’ll want to open up a command prompt as an administrator and execute the following command: “icacls %windir%\system32\config\*.* /inheritance:e”. If you have any shadow volume copies that were made before running the command, delete them.

Sponsored Ads:

Comments:


Had to crisis-postpone new 5G standard in the US to avoid plane chaos

Category: IT|Jan 20, 2022 | Author: Admin

No one found out that the iPhone 13 is missing this until now

Category: Apple|Jan 19, 2022 | Author: Admin

Safari leaks your browser history

Category: General|Jan 18, 2022 | Author: Admin

Chromium Trouble - Can't change default search engine anymore

Category: Google|Jan 17, 2022 | Author: Admin

Here, developers are allowed by Apple to offer alternative payment methods

Category: Apple|Jan 16, 2022 | Author: Admin

Microsoft refuses to correct the error - took matters into its own hands

Category: Microsoft|Jan 15, 2022 | Author: Admin

Now Meta gets the authorities on its neck, again

Category: General|Jan 14, 2022 | Author: Admin

Has invested heavily in podcasts - now Spotify is closing down the studio

Category: General|Jan 13, 2022 | Author: Admin

Claims HomePod mini is on its way to Norway

Category: General|Jan 12, 2022 | Author: Admin

Linux gets the function everyone wants

Category: IT|Jan 11, 2022 | Author: Admin

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Category: General|Jan 10, 2022 | Author: Admin

Dice continues to destroy for himself: removed favorite from Battlefield 2042

Category: General|Jan 9, 2022 | Author: Admin

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

Category: IT|Jan 8, 2022 | Author: Admin

You can trick Windows 11's new media player

Category: Microsoft|Jan 7, 2022 | Author: Admin

Intel Core i9 is faster than M1 Max

Category: General|Jan 6, 2022 | Author: Admin
more