Microsoft has shared a workaround to protect Windows users while working on a permanent solution
Windows 10 users are on high alert over a dangerous new flaw lurking in the popular desktop operating system. Called SeriousSAM, the flaw lets attackers gain administrative privileges on vulnerable systems, allowing them to install malware and applications, delete files, and much more. SeriousSAM is a so-called “zero-day vulnerability”, which means that attackers already know how to exploit the flaw. That means Microsoft is in a race against the hackers to fix the problem before too many people fall victim to it.
Fortunately, Microsoft is working on a solution. However, these things take some time. And while the Redmond-based company is working hard on a permanent patch for the problem, which it refers to as CVE-2021-36934, Microsoft has shared a solution to help protect your laptop, desktop PC or tablet from these attacks.
“An elevation of privilege vulnerability exists due to overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” Microsoft explains in a security advisory published earlier this week. “An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges. An attacker would need the ability to execute code on a victim’s system to exploit this vulnerability.”
This latest zero-day vulnerability affects all versions of Windows released from October 2018 to the present.
You need to run Command Prompt as administrator to use the workaround
Microsoft has shared the following steps to block exploitation of this vulnerability until the final fix arrives…
Restrict access to the contents of %windir%\system32\config:
- Open Command Prompt or Windows PowerShell as an administrator.
- Run this command: icacls %windir%\system32\config\*.* /inheritance:e
To delete Volume Shadow Copy Service (VSS) shadow copies:
- Delete all system restore points and shadow volumes that existed before access to %windir%\system32\config was restricted
- Create a new system restore point (if desired)
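To confirm that both parts of the workaround have taken effect, the following audit script can be run from an elevated PowerShell prompt. It is an added example, not code from Microsoft or from this article, and the variable names and the `$restrictedAt` timestamp are assumptions to adjust for your machine.

```powershell
# Added example: report-only audit for the SeriousSAM workaround. Changes nothing.
# Assumption: set this to the time you ran the icacls command.
# Leaving it at "now" treats every existing shadow copy as older than the change.
$restrictedAt = Get-Date

$configDir = Join-Path $env:windir 'System32\config'

# Well-known SIDs of broad, non-administrative groups (locale-independent).
$broadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

# 1. Files in the config directory that a broad group is still allowed to read.
$weakAcls = foreach ($file in Get-ChildItem -LiteralPath $configDir -File -Force) {
    $acl = Get-Acl -LiteralPath $file.FullName
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid     = $ace.IdentityReference.Value
        $canRead = ([int]$ace.FileSystemRights -band 1) -ne 0   # bit 1 = ReadData
        if ($ace.AccessControlType -eq 'Allow' -and $canRead -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                File   = $file.Name
                Group  = $broadSids[$sid]
                Rights = $ace.FileSystemRights
            }
        }
    }
}

# 2. Shadow copies created before the ACL change still carry the old permissions.
$staleShadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.InstallDate -lt $restrictedAt } |
    Select-Object ID, VolumeName, InstallDate

if ($weakAcls) {
    Write-Output 'Config files still readable by non-administrators:'
    $weakAcls | Format-Table -AutoSize
} else {
    Write-Output 'No broad read access found on the config directory files.'
}
if ($staleShadows) {
    Write-Output 'Shadow copies that predate the ACL change:'
    $staleShadows | Format-Table -AutoSize
} else {
    Write-Output 'No shadow copies predate the ACL change.'
}
```

The workaround is complete only when both checks come back empty.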
While the workaround will keep your machine safe, there are some side effects. Microsoft has warned users that deleting these shadow copies from their systems, as explained above, will affect some system and file restore operations, for example if you use a third-party backup app to restore data. If you or your company relies on a third-party backup solution, it may be worth holding off on the workaround for now.
With any luck, a permanent fix will be coming very soon that won’t break some backup solutions.
“We are investigating and will take appropriate action to protect customers,” a Microsoft spokesperson said in an interview with security blog BleepingComputer.