The fight for security is neverending, as can be evidenced by the fact that yet another vulnerability is leaving Windows 11 and Windows 10 users exposed not long after Windows Print Spooler issues threw everyone, all the way up to the U.S. government, for a loop. Now you can worry about your printer as well as the contents of your Windows Registry.
In case you’re not familiar with what’s stored in the Windows Registry, lots of useful info is hidden away in there. Passwords, app configuration options, associated Windows security tokens, and more are all inside it. Typically, you needn’t worry about the contents of the Windows Registry because users without elevated privileges can’t access it.
Given that we’re gathered here to discuss a potentially crippling Windows vulnerability, you can see where this is going.
As reported by BleepingComputer, it’s been discovered that low-privilege users can, in fact, access Registry content, including key items such as Security Account Manager (SAM) files, by utilizing Windows shadow volume copies. BleepingComputer breaks down the consequences for Windows 11 and Windows 10 in detail, but the long and short of it is that threat actors can use the vulnerability to snag important passwords and gain elevated system privileges.
Though this issue was confirmed to be present on a fully patched Windows 10 20H2 build, it was also cited as not being present on a clean installation of Windows 20H2. The question of whether this vulnerability is exclusive to versions that have gone through the upgrade process rather than been freshly installed remains unanswered.
In news relating to Microsoft security efforts that are going as intended, check out the company’s takedown of malicious homoglyphs.