What you need to know
- A vulnerability has been discovered in Windows 10 and 11.
- Sensitive Registry files are accessible to low-privilege users.
- Passwords and more sensitive information are at risk.
Update July 21, 2021 at 12:45 p.m. ET: Microsoft has confirmed the vulnerability's existence, labeling it CVE-2021-36934. It affects "Windows 10 version 1809 and newer operating systems," according to Microsoft.
The fight for security is never-ending, as evidenced by the fact that yet another vulnerability is leaving Windows 11 and Windows 10 users exposed not long after Windows Print Spooler issues threw everyone, all the way up to the U.S. government, for a loop. Now you can worry about your printer as well as the contents of your Windows Registry.
In case you're not familiar with what's stored in the Windows Registry, lots of useful info is hidden away in there. Passwords, app configuration options, associated Windows security tokens, and more are all inside it. Typically, you needn't worry about the contents of the Windows Registry because users without elevated privileges can't access it.
Given that we're gathered here to discuss a potentially crippling Windows vulnerability, you can see where this is going.
As reported by BleepingComputer, it's been discovered that low-privilege users can, in fact, access Registry content, including key items such as Security Account Manager (SAM) files, by utilizing Windows shadow volume copies. BleepingComputer breaks down the consequences for Windows 11 and Windows 10 in detail, but the long and short of it is that threat actors can use the vulnerability to snag important passwords and gain elevated system privileges.
Though this issue was confirmed to be present on a fully patched Windows 10 20H2 build, it was also cited as not being present on a clean installation of Windows 10 20H2. The question of whether this vulnerability is exclusive to versions that have gone through the upgrade process rather than being freshly installed remains unanswered.
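Because upgraded and clean installs may differ, it is worth checking each machine directly. The following is an added example, not code from the article or from Microsoft: it assumes the exposure shows up as a read grant to BUILTIN\Users (well-known SID S-1-5-32-545) on the hive files under %windir%\System32\config, and that it is run from an elevated PowerShell prompt so the ACLs and shadow copies can be enumerated.

```powershell
# Added example (not from the article): report whether BUILTIN\Users can read
# the Registry hive files and whether any shadow copies exist on this machine.
# Assumption: run elevated; without elevation the lookups may return "access denied".
$usersSid = 'S-1-5-32-545'   # well-known SID for BUILTIN\Users, locale independent
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType  = [System.Security.Principal.SecurityIdentifier]

$hiveReport = foreach ($name in 'SAM', 'SYSTEM', 'SECURITY') {
    $path = Join-Path $env:windir "System32\config\$name"
    try {
        $acl   = Get-Acl -LiteralPath $path -ErrorAction Stop
        # Explicit and inherited ACEs, with identities returned as SIDs
        $rules = $acl.GetAccessRules($true, $true, $sidType)
        $grant = $rules | Where-Object {
            $_.IdentityReference.Value -eq $usersSid -and
            $_.AccessControlType -eq 'Allow' -and
            $_.FileSystemRights.HasFlag($readData)
        }
        [pscustomobject]@{ Hive = $path; UsersCanRead = [bool]$grant; Error = $null }
    } catch {
        # ACL could not be read (for example, access denied for this account)
        [pscustomobject]@{ Hive = $path; UsersCanRead = $null; Error = $_.Exception.Message }
    }
}

# Shadow copies are what make the over-permissive hive files reachable
try {
    $shadowCount = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop).Count
} catch {
    $shadowCount = $null   # unknown: enumeration needs administrative rights
}

$hiveReport | Format-Table -AutoSize

if ($hiveReport.UsersCanRead -contains $true) {
    if ($null -eq $shadowCount) {
        Write-Output 'Hive ACLs grant read to BUILTIN\Users; shadow copy count unknown (re-run elevated).'
    } elseif ($shadowCount -gt 0) {
        Write-Output "Exposed: BUILTIN\Users can read hive files and $shadowCount shadow copies exist."
    } else {
        Write-Output 'Hive ACLs grant read to BUILTIN\Users, but no shadow copies exist yet.'
    }
} else {
    Write-Output 'No read grant to BUILTIN\Users was found on the hive files that could be inspected.'
}
```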
In news relating to Microsoft security efforts that are going as intended, check out the company's takedown of malicious homoglyphs.
Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to email@example.com.
Question: article says it doesn't occur on new installs of 20H2, but bullets at top say the vulnerability affects Windows 11. Does that mean that the problem came back for new installs? Or it applies to all upgrades (vs new installs), even if that happens to be to Windows 11? Same for 21H1?
It seems to be an issue of upgrading, even with regards to Windows 11 builds. Microsoft just officially acknowledged the vulnerability as CVE-2021-36934, so it should now be easier to track to see what it's currently affecting. Microsoft says it impacts "Windows 10 version 1809 and newer operating systems."
TLDR - Make sure you have a firewall installed and configured aggressively to prevent any unauthorised changes - sure, not everything is completely secure but it's better than just running Windows Defender.