Microsoft acknowledges Windows 11 and Windows 10 admin privileges vulnerability


What you need to know

  • Microsoft acknowledges an admin privileges vulnerability in a new security advisory.
  • The vulnerability affects PCs running Windows 11 or Windows 10.
  • If exploited, the vulnerability could allow people with low privileges to access Registry files.

Windows 11 and Windows 10 PCs have a vulnerability that allows users with low privileges to access Registry files. We reported on the issue in depth on July 20, 2021, and Microsoft has since acknowledged it in a security advisory.

"We are investigating and will take appropriate action as needed to help keep customers protected," said Microsoft in a statement to BleepingComputer.

The Windows Registry stores several types of sensitive information, including passwords and decryption keys. As a result, Registry files are only supposed to be accessible to users with elevated privileges. The vulnerability affects PCs running Windows 11 or Windows 10.

Security researcher Jonas Lykkegaard flagged the vulnerability to BleepingComputer. Lykkegaard discovered that Registry files associated with the Security Account Manager and other Registry databases could be accessed by anyone in a device's low-privileged "Users" group.

There's a chance that this vulnerability is related to the Windows Update process. It's been confirmed that the issue affects a fully patched Windows 10 20H2 build. It's also been noted that it is not present in PCs with a clean installation of Windows 10 20H2.

Microsoft shared a workaround for the vulnerability in its security advisory:

Restrict access to the contents of %windir%\system32\config

  1. Open Command Prompt or Windows PowerShell as an administrator.
  2. Run this command: icacls %windir%\system32\config\*.* /inheritance:e

Delete Volume Shadow Copy Service (VSS) shadow copies

  1. Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
  2. Create a new System Restore point (if desired).
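
An added example (not Microsoft's or this article's own script) that walks through the workaround above from an elevated Windows PowerShell session: it checks by SID whether the Users group can read files in the config directory, applies the icacls change, verifies it, and lists the shadow copies that remain. The function and variable names and the $deleteShadows switch are assumptions of this example, and it uses $env:windir because PowerShell does not expand %windir%.

```powershell
# Added example; run in an elevated Windows PowerShell session.
$configDir     = Join-Path $env:windir 'System32\config'
$usersSid      = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users, locale-independent
$readData      = [System.Security.AccessControl.FileSystemRights]::ReadData
$deleteShadows = $false           # assumption: set to $true only after reviewing the list

function Get-UsersReadableFile {
    # Returns the files under $Dir whose ACL lets BUILTIN\Users read file data.
    param([string]$Dir)
    foreach ($file in Get-ChildItem -LiteralPath $Dir -File -Force) {
        # Resolve ACEs to SIDs so the check does not depend on localized group names.
        $rules = (Get-Acl -LiteralPath $file.FullName).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $usersSid -and
                $rule.AccessControlType -eq 'Allow' -and
                (($rule.FileSystemRights -band $readData) -eq $readData)) {
                $file.FullName
                break   # one matching ACE is enough for this file
            }
        }
    }
}

# 1. Check before changing anything.
$exposed = @(Get-UsersReadableFile -Dir $configDir)
if ($exposed.Count -eq 0) { 'No files in config are readable by Users.'; return }
'Readable by Users:'; $exposed

# 2. Apply the advisory's ACL workaround, then verify that it took effect.
& icacls.exe (Join-Path $configDir '*.*') /inheritance:e | Out-Null
$still = @(Get-UsersReadableFile -Dir $configDir)
if ($still.Count -gt 0) { Write-Warning "Still readable by Users: $($still -join ', ')" }

# 3. Every shadow copy that exists at this point predates the ACL change
#    and still holds the old, permissive permissions.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize
if ($deleteShadows) {
    foreach ($s in $shadows) {
        & vssadmin.exe delete shadows "/shadow=$($s.ID)" /quiet
    }
}
```

With $deleteShadows left at $false the script only reports the shadow copies, so they can be reviewed against backup and restore needs before removal.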

While security issues aren't rare, several notable vulnerabilities have caused problems with Windows recently. The Print Spooler saga started at the beginning of this month and continues to be a problem.

Sean Endicott
News Writer and apps editor
