Windows Exposes Admin Passwords | Windows 10/11 Vulnerability Exposes Passwords to local users
A Twitter user posted on his page, that he has found Windows 10/11 vulnerability that exposes admin passwords to local users who can then escalate their privileges up to admin, giving them total system access. He also noted that he found that Windows Security Account Manager (SAM) data could be read by users with very limited privileges, giving them access to admin passwords.
Microsoft seemingly caught wind of the vulnerability and posted an Executive Summary of the issue on its Security Vulnerability page.
Windows 10/11 Vulnerability | Windows Exposes Admin Passwords
Microsoft says this new vulnerability is a result of inadequate protection of access control lists on several system files, which include the SAM database. Microsoft further noted that an unauthorized person could use the vulnerability to run custom code that takes advantage of higher system privileges and could add, change or delete user data. They further concluded by noting that unauthorized users would need to have the ability to run code on such systems to be able to take advantage of the vulnerability.
See Also: Checkout Whatsapp New Features
Microsoft says this new vulnerability is a result of inadequate protection of access control lists on several system files, which include the SAM database.
Users on Twitter and other have noted the vulnerability exists only for systems running build 1809 of Windows 10 and some versions of Windows 11.
They note also that in addition to allowing access to SAM data, the vulnerability also allows access to certain system and security files. For a nefarious person to take advantage of the vulnerability, the system must have a VSS shadow copy of the system drive.
Windows Exposes Admin Passwords | Windows 10/11 Vulnerability
This copy may exist on user systems due to involuntary actions they may have taken, such as installing a hard drive that holds more than 128GB and then conducting a Windows update. Adding an installer package file format called MSI will do so, as well. Users who want to know if their system has the vulnerability can run the system command vssadmin.
Microsoft notes that customers will be updated as they learn more, although no timeline for a patch has yet been announced.