Windows 10 and Windows 11 vulnerability lets any user access admin privileges

0

Just because another user on your computer doesn’t have admin privileges doesn’t mean your PC is safe from hostile takeovers. BleepingComputer highlights a zero-day security flaw in both Windows 10 and the recently-announced Windows 11 that lets secondary accounts take master control over the system.

Currently, non-admin users are able to access the shadow volume of registry files relating to the Security Account Manager (SAM); a database that contains both usernames and passwords for local accounts on the operating system. Any malicious user could then grab the hashed passwords of accounts with higher privileges, and grant themselves unfettered control over the OS.

Microsoft has already responded to the vulnerability, stating that it affects anyone running Windows 10 version 1809 and up. While it hasn’t released a full update to fix the security flaw yet, it’s listed a number of workarounds on its site if you’re concerned. This includes restricting access to the file directory to the SAM, or by deleting your shadow copy of Windows. The latter could give you a headache if you need to restore Windows back to an earlier point, however.

We wouldn’t worry too much about this vulnerability on your private gaming PC, however. Unless someone in your house gains access to your computer locally, attackers would need to somehow access your desktop remotely to take advantage of the bug – this isn’t easy, either, often requiring malware.

You can prevent that from happening by taking basic steps such as avoiding dodgy looking email attachments, installing a solid antivirus program, and never letting anyone you don’t 100% trust take remote control of your PC.

{“schema”:{“page”:{“content”:{“headline”:”Windows 10 and Windows 11 vulnerability lets any user access admin privileges”,”type”:”news”,”category”:”gaming-hardware”},”user”:{“loginstatus”:false},”game”:{“publisher”:””,”genre”:null,”title”:”Gaming hardware”,”genres”:null}}}}

FOLLOW us ON GOOGLE NEWS

 

Read original article here

Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@techcodex.com. The content will be deleted within 24 hours.

Comments
Loading...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More