By akademiotoelektronik, 16/04/2022

Windows 10 and 11: a flaw allows anyone to become an administrator, here's how to protect yourself

PCs running Windows 11 and Windows 10 have a vulnerability that allows low-privileged users to access registry files, and through them to become an administrator of the computer.


Recent versions of Windows 10 and the "Preview" version of Windows 11 have an incorrectly configured Access Control List (ACL) for the Security Account Manager (SAM), SYSTEM, and SECURITY registry hive files. This new, easily exploitable flaw, named CVE-2021-36934, would allow non-administrative local users to obtain administrative-level privileges, giving them full access to the system.

Attackers could therefore gain access to the SAM file in the Windows registry, which contains hashed versions of all user passwords on a given Windows system, including passwords for administrative users. Even though the passwords are stored only as hashes, some attackers are still able to "crack" them to recover the original passwords.

The discovery of such a significant new vulnerability in the Windows operating system is not good news for Microsoft. It comes just a few weeks after warnings about the printer driver vulnerability named PrintNightmare, which allows hackers to infiltrate a victim's PC and install malicious software. Microsoft recently deployed a patch for it, but it is not 100% effective.

How to protect against the CVE-2021-36934 flaw?

While waiting to deploy a patch, Microsoft has provided a workaround to protect you from the flaw:

First, you will need to limit access to the contents of %windir%\system32\config. To do so:

Open Command Prompt or Windows PowerShell as administrator.

Run the following command: icacls %windir%\system32\config\*.* /inheritance:e

Next, delete the shadow copies created by the Volume Shadow Copy Service (VSS), using the following procedure:

Open Command Prompt or Windows PowerShell as administrator.

Run the command: vssadmin list shadows (which lists all existing shadow copies of a specified volume).

If any exist, delete them with: vssadmin delete shadows /for=c: /Quiet

Run vssadmin list shadows again to check that they have been deleted.

Delete all system restore points that existed before restricting access to %windir%\system32\config.

Create a new system restore point (if needed).
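
The two parts of the workaround above can be checked and applied from one elevated PowerShell session. The script below is an added example, not code from Microsoft or from the original article; the function names and the -Remediate switch are hypothetical, and it assumes the system volume is C: as in the article's vssadmin command.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's or the article's script. Function and parameter
# names are hypothetical; icacls and vssadmin are invoked as in the steps above.
param([switch]$Remediate)   # without -Remediate the script only reports

$hives    = 'SAM', 'SYSTEM', 'SECURITY' |
    ForEach-Object { Join-Path $env:windir "System32\config\$_" }
$usersSid = 'S-1-5-32-545'  # well-known SID of BUILTIN\Users (locale-independent)
$read     = [System.Security.AccessControl.FileSystemRights]::Read

function Test-UsersCanRead {
    param([string]$Path)
    # Ask for explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            $rule.FileSystemRights.HasFlag($read)) { return $true }
    }
    return $false
}

function Get-Exposure {
    # Current state: hive files readable by BUILTIN\Users, and shadow copy count.
    [pscustomobject]@{
        ReadableHives = @($hives | Where-Object { Test-UsersCanRead $_ })
        ShadowCopies  = @(Get-CimInstance -ClassName Win32_ShadowCopy).Count
    }
}

function Write-Exposure {
    param($State, [string]$Label)
    $list = $State.ReadableHives -join ', '
    Write-Output "${Label}: readable hives = [$list], shadow copies = $($State.ShadowCopies)"
}

$before = Get-Exposure
Write-Exposure $before 'Before'

if ($Remediate) {
    # PowerShell does not expand %windir%, so the path uses $env:windir instead.
    icacls "$env:windir\System32\config\*.*" /inheritance:e
    if ($before.ShadowCopies -gt 0) {
        # Deletes every shadow copy on C:, including existing restore points.
        vssadmin delete shadows /for=c: /Quiet
    }
    Write-Exposure (Get-Exposure) 'After'
}
```

Run without arguments, the script only reports the current state; an empty hive list and a shadow copy count of 0 in the "After" line indicate that both parts of the workaround took effect.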


Since Microsoft has officially acknowledged the existence of the flaw, and since it is a critical one, the American company is expected to deploy a patch as soon as possible, within the next few weeks.

Source: Neowin
