I say this year has been a bad year because the major attacks on Microsoft products have been particularly dangerous. There were the Microsoft Exchange Server attacks, which remain a threat, and of course, the ongoing PrintNightmare exploit targeting Windows Print Spooler. The latest exploit has the potential to be as dangerous as both of those attacks. As reported by BleepingComputer, a vulnerability in the Windows Registry allows access even to users with low-level privileges. If you are unfamiliar with Windows Registry, it provides the underpinning of the Windows 10 platform. Just about every piece of information is available there, including app configurations, Windows security details for services, passwords, and more. To access the registry, users need to have elevated privileges, which usually means local administrator access or admin rights on a system.
Vulnerability
However, it seems this is not actually the case. The report points out that someone could use Windows shadow volume copies to access the Windows Registry, even without that elevated privilege access. At the core of the situation, this means a hacker could leverage this flaw to gain access to a Windows machine. One interesting aspect of this vulnerability is that it does not seem to be consistently present. It has been found on Windows 10 20H2 installations that are fully patched. However, it is not visible on Windows 20H2 builds that have been clean installed. Still, there is currently no way to know if this is exclusive to builds that have been upgraded. We will need Microsoft to step in and confirm this vulnerability to understand how it affects the platform.