A new security vulnerability has been discovered in the latest versions of Windows that hackers could use to remotely install programs, steal data and passwords, and even lock users out of their PCs. Microsoft says all versions of Windows newer than Windows 10 version 1809 are affected, including the Windows 11 beta.
According to Microsoft’s bug report, the vulnerability stems from “overly permissive access control lists (ACLs) on multiple system files, including the Security Account Manager (SAM) database”. The bug has not been exploited successfully, but the Microsoft report warns that such an attack is “likely” given the severity of the vulnerability. To execute an attack, the attacker would need direct access to a person’s computer, either physically or by tricking them into downloading files loaded with malware. Once a hacker has access, they can give themselves full administrator controls and “install programs; view, modify or delete data; or create new accounts with full user rights.”
Microsoft will ostensibly fix the problem in future security updates for Windows 10 and 11, but users should be careful until then. Practice common sense data security, for example by not clicking on unknown email links or downloading files from sketchy websites, and using reliable anti-malware programs.
There is also a temporary workaround that restricts access to vulnerable system files on your PC. This will keep hackers out, but makes it harder to recover files using System Restore, which is why it won’t work as a long-term solution. Still, it’s worth considering if you want to fully protect yourself against possible security breaches.
First, you need to restrict access to the “%windir%\system32\config” system folder.
- Use the taskbar to search for “PowerShell”. (Note: You can also perform these steps in the command prompt.)
- Right-click “Windows PowerShell” in the results and click “Run as administrator.”
- In PowerShell, type the following command (in the command prompt, write %windir% in place of $env:windir):
icacls $env:windir\system32\config\*.* /inheritance:e
- Press “Enter.”
Then you need to delete your system restore points. Make sure you do this after you limit access to %windir%\system32\config.
- Right-click “This PC” in Windows File Explorer and select “Properties.”
- Click on “System protection” in the left menu.
- Click to highlight your local hard drive in the “Available Drives” list, then click “Configure”.
- Click on “Delete,” then “Continue” to confirm.
Once the old backups are deleted, you can create a new System Restore point if you want: Go back to the System Protection tab, highlight your drive, and click “Create.” Add a description for the restore point (such as date and time), then click “OK.”
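To confirm that both parts of the workaround took effect, the following added example (not from Microsoft or the original article) checks whether standard users can still read any file in the config folder and whether old shadow copies remain. It assumes an elevated PowerShell session; the helper name `Test-UsersCanRead` is hypothetical.

```powershell
# Added example: run in an elevated PowerShell session after applying the workaround.
$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users (the name is localized, the SID is not)
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
$configDir = Join-Path $env:windir 'System32\config'

function Test-UsersCanRead {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    # Include explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $readData)) {
            return $true
        }
    }
    return $false
}

# 1. Files directly under the config folder that standard users can still read.
$exposed = foreach ($file in Get-ChildItem -LiteralPath $configDir -File -Force) {
    try {
        if (Test-UsersCanRead -Path $file.FullName) { $file.FullName }
    } catch {
        Write-Warning "Could not read ACL of $($file.FullName): $_"
    }
}

# 2. Shadow copies (restore points) that still exist on the machine.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

if ($exposed) {
    Write-Output 'Still readable by BUILTIN\Users:'
    $exposed
} else {
    Write-Output 'No file in the config folder grants read access to BUILTIN\Users.'
}

if ($shadows.Count -gt 0) {
    Write-Output "$($shadows.Count) shadow copies remain; any created before the ACL change keep the old permissions:"
    $shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize
} else {
    Write-Output 'No shadow copies found.'
}
```

A restore point created after the ACL change will still appear in the second list, so compare each `InstallDate` with the time you ran the `icacls` command.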