Microsoft acknowledges Windows 11 and Windows 10 admin privileges vulnerability
Microsoft issued a security advisory regarding the recently discovered admin privileges vulnerability.
What you need to know
- Microsoft acknowledges an admin privileges vulnerability in a new security advisory.
- The vulnerability affects PCs running Windows 11 or Windows 10.
- If exploited, the vulnerability could allow people with low privileges to access Registry files.
Windows 11 and Windows 10 PCs have a vulnerability that allows users with low privileges to access Registry files. We reported on the issue in depth on July 20, 2021, and Microsoft has since acknowledged it in a security advisory.
"We are investigating and will take appropriate action as needed to help keep customers protected," said Microsoft in a statement to BleepingComputer.
The Windows Registry stores several types of sensitive information, including passwords and decryption keys. As a result, Registry files are only supposed to be accessible to users with elevated privileges. The vulnerability affects PCs running Windows 11 or Windows 10.
Security researcher Jonas Lykkegaard flagged the vulnerability to BleepingComputer. Lykkegaard discovered that Registry files associated with the Security Account Manager and other Registry databases could be accessed by anyone in a device's low-privileged "Users" group.
There's a chance that this vulnerability is related to the Windows Update process. It's been confirmed that the issue affects a fully patched Windows 10 20H2 build. It's also been noted that it is not present in PCs with a clean installation of Windows 10 20H2.
Microsoft shared a workaround for the vulnerability in its security advisory:
Restrict access to the contents of %windir%\system32\config
- Open Command Prompt or Windows PowerShell as an administrator.
- Run this command: icacls %windir%\system32\config\*.* /inheritance:e
Delete Volume Shadow Copy Service (VSS) shadow copies
- Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
- Create a new System Restore point (if desired).
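To confirm the workaround took effect, the following PowerShell check is an added example, not part of Microsoft's advisory or the original article. It assumes an elevated session; the helper name `Test-UsersCanRead` is hypothetical, and `SYSTEM` and `SECURITY` are the other hive files in the same directory as `SAM`. It uses `$env:windir` because PowerShell does not expand `%windir%`.

```powershell
# Added example (not from Microsoft's advisory). Run in an elevated PowerShell session.
$configDir = Join-Path $env:windir 'System32\config'
$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData

function Test-UsersCanRead {
    # Hypothetical helper: $true if an Allow ACE gives BUILTIN\Users read access to $Path.
    # Checks file-specific rights (e.g. ReadAndExecute), the form icacls shows as (RX).
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -eq $usersSid -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $readData)) {
            return $true
        }
    }
    return $false
}

# 1. Check the hive files under %windir%\system32\config.
$results = foreach ($hive in 'SAM', 'SYSTEM', 'SECURITY') {
    $path = Join-Path $configDir $hive
    [pscustomobject]@{ Hive = $path; UsersCanRead = Test-UsersCanRead -Path $path }
}
$results | Format-Table -AutoSize

# 2. List existing shadow copies with their creation time, oldest first.
#    Copies created before the ACL change still carry the old permissions,
#    which is why the advisory has them deleted.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object ID, InstallDate, VolumeName, DeviceObject |
    Sort-Object InstallDate
$shadows | Format-Table -AutoSize

if ($results.UsersCanRead -contains $true) {
    Write-Warning 'BUILTIN\Users can still read at least one hive file; the icacls step has not taken effect.'
} elseif ($shadows) {
    Write-Warning 'Live ACLs are restricted; review the shadow copies above and remove those created before the change.'
} else {
    Write-Output 'Live ACLs are restricted and no shadow copies exist.'
}
```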
While security issues aren't rare, several notable vulnerabilities have caused problems with Windows recently. The Print Spooler saga started at the beginning of this month and continues to be a problem.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.