Watch out for the latest Windows 11 and Windows 10 admin privileges vulnerability

News
By Robert Carnevale
last updated

Never underestimate the importance of the Windows Registry.

Windows 11 Update Checkforupdate Dark
Windows 11 Update Checkforupdate Dark (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • A vulnerability has been discovered in Windows 10 and 11.
  • Sensitive Registry files are vulnerable to low-privilege users.
  • Passwords and more sensitive information are at risk.

Update July 21, 2021 at 12:45 p.m. ET: Microsoft has confirmed the vulnerability's existence, labeling it CVE-2021-36934. It affects "Windows 10 version 1809 and newer operating systems," according to Microsoft.

The fight for security is neverending, as can be evidenced by the fact that yet another vulnerability is leaving Windows 11 and Windows 10 users exposed not long after Windows Print Spooler issues threw everyone, all the way up to the U.S. government, for a loop. Now you can worry about your printer as well as the contents of your Windows Registry.

In case you're not familiar with what's stored in the Windows Registry, lots of useful info is hidden away in there. Passwords, app configuration options, associated Windows security tokens, and more are all inside it. Typically, you needn't worry about the contents of the Windows Registry because users without elevated privileges can't access it.

Given that we're gathered here to discuss a potentially crippling Windows vulnerability, you can see where this is going.

As reported by BleepingComputer, it's been discovered that low-privilege users can, in fact, access Registry content, including key items such as Security Account Manager (SAM) files, by utilizing Windows shadow volume copies. BleepingComputer breaks down the consequences for Windows 11 and Windows 10 in detail, but the long and short of it is that threat actors can use the vulnerability to snag important passwords and gain elevated system privileges.

Though this issue was confirmed to be present on a fully patched Windows 10 20H2 build, it was also cited as not being present on a clean installation of Windows 20H2. The question of whether this vulnerability is exclusive to versions that have gone through the upgrade process rather than been freshly installed remains unanswered.

In news relating to Microsoft security efforts that are going as intended, check out the company's takedown of malicious homoglyphs.

Robert Carnevale
Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.