New Windows 10 Vulnerability Allows Anyone to Get Admin Privileges
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability because users with low privileges can access sensitive Registry database files. Security researcher Jonas Lykkegaard has discovered that Windows 10 and Windows 11 Registry files associated with the Security Account Manager (SAM), and all other Registry databases, are accessible to the ‘Users’ group, which has low privileges on a device. These low permissions were confirmed by BleepingComputer on a fully patched Windows 10 20H2 device.
(Source: BleepingComputer)
Microsoft Shares Workarounds for SeriousSAM Windows 10 Zero-Day Bug
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.
The security flaw publicly disclosed by security researcher Jonas Lykkegaard on which is yet to receive an official patch, is now tracked by Microsoft as CVE-2021-36934.
These are the steps Microsoft is recommending to block exploitation of this vulnerability temporarily:
Restrict access to the contents of %windir%\system32\config:
1. Open Command Prompt or Windows PowerShell as an administrator.
2. Run this command: icacls %windir%\system32\config\*.* /inheritance:e
Delete Volume Shadow Copy Service (VSS) shadow copies:
1. Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
2. Create a new System Restore point (if desired).
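The following is an added example, not code from Microsoft or from the original article: a read-only PowerShell audit that checks both workaround steps above on the local machine. The function name Test-HiveWorkaround and its -AclFixedAt parameter are hypothetical, and the script uses $env:windir because %windir% expands only in Command Prompt, not in PowerShell.

```powershell
# Added example (not Microsoft's code): read-only audit of both workaround steps.
# Run from an elevated PowerShell session. Test-HiveWorkaround is a hypothetical name.
function Test-HiveWorkaround {
    param(
        # Assumption: the time you ran the icacls command, supplied by you.
        [Parameter(Mandatory)] [datetime] $AclFixedAt
    )
    $configDir = Join-Path $env:windir 'System32\config'
    # Well-known SID for BUILTIN\Users, so the check also works on localized Windows.
    $usersSid  = 'S-1-5-32-545'
    $readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    # Step 1: any Allow entry that lets BUILTIN\Users read a hive file is a finding.
    $openFiles = foreach ($name in 'SAM', 'SECURITY', 'SYSTEM', 'SOFTWARE', 'DEFAULT') {
        $path = Join-Path $configDir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $usersSid -and
                $rule.AccessControlType -eq 'Allow' -and
                ([int]$rule.FileSystemRights -band $readData) -ne 0) {
                [pscustomobject]@{ File = $path; Inherited = $rule.IsInherited }
            }
        }
    }

    # Step 2: shadow copies taken before the ACL change still carry the old permissions.
    $staleShadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.InstallDate -lt $AclFixedAt } |
        Select-Object ID, VolumeName, InstallDate)

    [pscustomobject]@{
        HiveFilesReadableByUsers = @($openFiles)
        ShadowCopiesOlderThanFix = $staleShadows
        WorkaroundComplete       = (@($openFiles).Count -eq 0 -and $staleShadows.Count -eq 0)
    }
}

# Constructed sample value: replace with the time the ACLs were actually corrected.
Test-HiveWorkaround -AclFixedAt (Get-Date '2021-07-21 10:00') | Format-List
```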
Microsoft is still investigating the vulnerability and is working on a patch that will most likely be released as an out-of-band security update later this week.
(Source: BleepingComputer)
Google Chrome Now Comes With Up To 50x Faster Phishing Detection
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday.
The phishing site detection speed-up stems from improvements to the Chrome image processing tech used to compare the color profiles of visited websites with collections of signals associated with phishing landing pages.
(Source: BleepingComputer)
NPM Package Steals Chrome Passwords on Windows Via Recovery Tool
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems.
Additionally, this malware listens for incoming connections from the attacker’s C2 server and provides advanced capabilities, such as screen and camera access, directory listing, file lookup, file upload, and shell command execution.
(Source: BleepingComputer)