Windows 10 is famous for having numerous hidden vulnerabilities, but this newly discovered one is really annoying and serious
A new vulnerability has been discovered in Windows 10 which allows anyone to obtain administrator privileges. The vulnerability is due to a problem with file access permissions for some of those associated with the Windows registry. Specifically, security researchers have shown that anyone can access the data stored in the file Security Account Manager (SAM) in Windows 10.
The problems inherent in vulnerability
The SAM file stores user credentials for users on a computer, so, of course, it should be off-limits from outside access. However, as noted by the security researcher Jonas Lykkeggard (via BleepingComputer), anyone can access the SAM file. Usually the user doesn’t even notice it because the file is constantly being used by Windows, which makes it inaccessible to users. But these vulnerabilities in Windows 10 open up a whole category of more or less serious problems.
This is because Windows backs up these files when creating shadow copies of a drive and these backup files are not in use. Because they still have the same permissions, any user on the computer can access a supported SAM file and see the login credentials for other users. This includes administrators, then a hacker can easily log into an account with just admin privileges.
For example, it can see all active users and find a hashed NTLM password using permission supervision in the. The user can then change the password and use the new password to perform any task that requires administrator privileges, but in case of backup external access would see the new password. You can watch a video on the subject below:
How to avoid the problem
This vulnerability was apparently introduced with Windows 10 version 1809, when Microsoft changed the permissions on the log files. Although this vulnerability still exists in the Windows 10 version 20H2, this appears to be the case only if you have actually upgraded to the above version. According to security analyst Will Dormann, if you install Windows 10 version 20H2, the vulnerability is not present. All you have to do is create a shadow copy of your disk in order to have an accessible and easily sortable SAM file. Hopefully, Microsoft will release a fix soon because this is a rather unpleasant problem.
What do you think about it? Let us know in the comments and keep following us on the TechGameWorld.com pages where you can find the latest news and more.