A new vulnerability has been discovered in the latest versions of Windows that hackers can use to remotely install programs, steal data and passwords, and even lock users out of their PCs. Microsoft says that all versions of Windows newer than Windows 10 version 1809 are affected – including the Windows 11 beta.
According to Microsoft’s bug report, the vulnerability stems from “overridden access control lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.” The bug has not been exploited, but Microsoft’s report warns that such an attack is “likely” given the severity of the vulnerability. In order to carry out an attack, the attacker would need direct access to a person’s computer – either physically, or by tricking them into downloading files loaded with malicious software. Once a hacker has access, they can give themselves full administrator control and “install programs; view, modify or delete data; or create new accounts with full user rights.”
Microsoft will apparently fix the issue in future security updates for Windows 10 and 11, but users should be careful until then. Practice common-sense computer security, such as not clicking on unknown email links or downloading files from sketchy websites, and use reliable anti-malware programs.
There is also a temporary workaround that restricts access to the vulnerable system files on the PC. This will keep hackers out, but will make it more difficult to recover files using the System Restore feature, which is why it will not work as a long-term solution. Still, it is worth considering if you want to protect yourself from possible security breaches.
First, you need to restrict access to the “%windir%\system32\config” system folder.
- Use the taskbar to search for “PowerShell.” (Note: You can also perform these steps in the command prompt.)
- Right click Windows PowerShell from the results and click “Run as administrator.”
- Type the following command in PowerShell:
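icacls $env:windir\system32\config\*.* /inheritance:e
(In the command prompt, PowerShell’s $env:windir is written %windir%: icacls %windir%\system32\config\*.* /inheritance:e)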
- Press “Enter.”
Then you need to delete your system restore points. Be sure to do this after you restrict access to %windir%\system32\config.
- Right-click “This PC” in Windows File Explorer and select “Properties.”
- Click “System protection” from the menu on the left.
- Click to select your local hard drive in the “Available Drives” list, and then click “Configure.”
- Click “Delete” then “Continue” to confirm.
Once the old backups are deleted, you can create a new system restore point if you want: Return to the System Protection tab, select your drive, and then click “Create.” Add a description for the restore point (for example, the date and time), and then click “OK.”
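To confirm that both steps took effect, the following check can be run from the same administrator PowerShell window. It is an added example, not part of the original article or Microsoft's guidance; it assumes the permissive entry to look for is a read grant to the local Users group (well-known SID S-1-5-32-545), and the variable names are illustrative.

```powershell
# Added example: verify the workaround from an elevated PowerShell session.
$configDir = Join-Path $env:windir 'system32\config'
$usersSid  = 'S-1-5-32-545'   # local Users group (assumption: the group to check)
$readBit   = [System.Security.AccessControl.FileSystemRights]::ReadData

# 1. Find files in the config folder that the Users group can still read.
$exposed = foreach ($file in Get-ChildItem -LiteralPath $configDir -File -Force) {
    try {
        $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
    } catch {
        Write-Warning "Could not read ACL of $($file.FullName): $($_.Exception.Message)"
        continue
    }
    # Resolve entries to SIDs so the check also works on non-English installs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $readBit)) {
            [pscustomobject]@{
                File      = $file.Name
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# 2. List shadow copies (restore points) that may still hold the old file permissions.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($exposed) {
    Write-Host 'Users group can still read these files; re-run the icacls command:'
    $exposed | Format-Table -AutoSize
} else {
    Write-Host "No Users-group read access found under $configDir."
}

if ($shadows.Count -gt 0) {
    Write-Host "$($shadows.Count) shadow copy/copies present; any created before the ACL change should be deleted:"
    $shadows | Sort-Object InstallDate | Select-Object ID, InstallDate | Format-Table -AutoSize
} else {
    Write-Host 'No shadow copies found.'
}
```

A restore point created after the ACL change will appear in the second list; compare its InstallDate with the time you ran the icacls command.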