A vulnerability in the system allows any user to obtain administrator privileges. This is due to the operating system leaving a registry file unprotected. In addition, this file contains the login credentials of all users. Therefore, an attacker could alter the file to change passwords. Consequently, he could access accounts with elevated access. On the other hand, this flaw starts with a bug in the Windows registry backups. This file contains the system security settings. Therefore, it is not accessible to all users. However, some files associated with the registry are exposed. Read on to find out how a serious Windows bug affects account security.
This serious Windows flaw affects the security of accounts and the system in general.
As mentioned, some system-related files may be exposed. Among them, the Account Security Manager file. Which stores all the hashed passwords of the system accounts. The problem originates from an error in Windows backups. Consequently, any user could use the command prompt to access the NTLM hashed password. Consequently, change the sysadmin password. This would grant you these privileges. In addition to replacing the real administrator. Certainly, vulnerability is limited. It requires physical access to the computer. However, it would affect corporate environments.
The problem is present from Windows 10 version 1809 onwards, including Windows 11. However, by doing a clean install of version 19042 there should be no problems. Microsoft has confirmed the flaw. It also announces that they are working to resolve it. For the time being, they offer an alternative solution. While a security patch is being released. What you have to do is the following:
- Open the Command Prompt or Windows PowerShell as administrator.
- Run the command: icacls %windir%\system32\config. /inheritance:e
- Delete the Windows 10 restore points and delete existing volume snapshots (%windir%\system32\config)
- Create a new system restore point.
As you can see, a serious Windows bug affects account security. We can only hope that it will not affect so many users. As always, we recommend a lot of common sense. In addition to being aware of the updates. All right, that’s all for now. Stay tuned for the latest news on osradar. See you soon!