A new vulnerability has been discovered in the latest versions of Windows that allows hackers to remotely install programs, steal data and passwords, and even prevent users from accessing their computers. According to Microsoft, all versions of Windows newer than Windows 10, version 1809 are affected, including the beta version of Windows 11.
According to Microsoft's bug report, the vulnerability stems from “excessive disclosure of access control lists (ACLs) in multiple system files, including the Security Accounts Manager (SAM) database”. The bug has not been successfully exploited, but the Microsoft report warns that such an attack is “likely” given the severity of the vulnerability. To carry out an attack, an attacker would need direct access to someone’s computer, either physically or by tricking them into loading malware files. Once the hacker does gain access, however, he can give himself full administrative control and “install programs, view, modify or delete data or create new accounts with full user rights”.
Microsoft will probably fix the issue in future security updates for Windows 10 and 11, but until then, users should be careful. Practice common-sense data security, such as not clicking on unknown email links, not downloading files from sketchy websites, and using reliable anti-malware software.
There is also a temporary workaround that restricts access to the vulnerable system files on your PC. This keeps hackers away, but makes files harder to recover with System Restore, so it does not work as a long-term solution. However, it is worth considering if you want to fully protect yourself from potential security breaches.
First you need to restrict access to the “%windir%\system32\config” system folder.
- Use the taskbar to search for “PowerShell.” (Note: You can also perform these steps in Command Prompt.)
- Right-click Windows PowerShell in the results and click “Run as administrator.”
- In PowerShell, type the following command (in Command Prompt, use %windir% in place of $env:windir):
icacls $env:windir\system32\config\*.* /inheritance:e
- Press “Enter.”
Next you need to clear your System Restore points. Make sure you do this after you restrict access to %windir%\system32\config.
- Right-click “This PC” in Windows File Explorer and select “Properties.”
- Click “System protection” in the left menu.
- Click to highlight your local hard drive in the “Available Drives” list, then click “Configure.”
- Click “Delete,” then “Continue” to confirm.
Once the old backups are deleted, you can create a new restore point if you wish: Go back to the System Protection tab, highlight your drive, then click “Create.” Add a description for the restore point (such as the date and time), and then click “OK.”
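
To confirm that both steps took effect, the following check can be run from an elevated PowerShell prompt. It is an added example, not part of the original article or of Microsoft's guidance, and it assumes the over-permissive ACL entry is a read grant to the built-in Users group (well-known SID S-1-5-32-545), which the article does not name.

```powershell
# Added example: check the state left by the workaround. Run in an elevated PowerShell.
# Assumption: the over-permissive entry is a read grant to the built-in Users group.
$usersSid  = 'S-1-5-32-545'   # well-known SID, independent of display language
$configDir = Join-Path $env:windir 'system32\config'
$readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-UsersCanRead {
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ([int]$rule.FileSystemRights -band $readData) -ne 0) {
            return $true
        }
    }
    return $false
}

# 1. Files in the config folder that standard users can still read.
$exposed = @(Get-ChildItem -LiteralPath $configDir -File -Force |
    Where-Object { Test-UsersCanRead -Path $_.FullName })

# 2. Restore points are stored as volume shadow copies; list any that remain.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($exposed.Count -gt 0) {
    Write-Warning "The Users group can still read $($exposed.Count) file(s) in ${configDir}:"
    $exposed | ForEach-Object { "  $($_.FullName)" }
} else {
    "No file in $configDir is readable by the Users group."
}

if ($shadows.Count -gt 0) {
    Write-Warning "$($shadows.Count) shadow copy/copies present. Delete any created before the ACL change."
    $shadows | Select-Object ID, InstallDate, VolumeName | Format-Table -AutoSize
} else {
    "No shadow copies remain on this machine."
}
```

A shadow copy listed with an InstallDate later than the time the icacls command was run is the new restore point and is expected.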