A vulnerability in the Windows 10 and Windows 11 operating systems is leaving admin passwords exposed to local users. This can allow other profiles to escalate their permissions and gain admin privileges. In practice, this gives full access to the system to all users of the same computer.

According to a Twitter user identified as Jonas Lyk, Windows Security Account Manager (SAM) data can be accessed by users with very limited privileges. Microsoft appears to have acknowledged the vulnerability, and has published an executive summary on its Security Vulnerabilities page.


According to Microsoft, this new vulnerability is the result of access control lists (ACLs) that do not adequately protect various system files, including the SAM database. The company further notes that an unauthorized person could use the flaw to run code and add, change or delete user data.

Microsoft concludes the document by noting that unauthorized users must have the technical ability to run code on Windows 10 and 11 systems in order to effectively take advantage of the vulnerability. Microsoft is expected to release new updates on the flaw soon, but there is no date yet for an update to correct it.

Fault found

Other Twitter users noted that the flaw only exists on systems running Windows 10 build 1809 and some versions of Windows 11. These users also noted that, in addition to allowing access to SAM data, the vulnerability allows access to certain system and security files.

In order to take advantage of the vulnerability, the system must have a VSS (Volume Shadow Copy Service) shadow copy of the system drive. This copy may exist as a result of inadvertent actions such as installing a hard drive larger than 128GB followed by a Windows upgrade.
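
An administrator can check a machine for the two conditions described above: system files readable by standard users, and a shadow copy of the system drive. The script below is an added example, not code from the article or from Microsoft. It assumes the default location of the SAM, SYSTEM and SECURITY files under System32\config and an elevated PowerShell session, and the list of low-privilege groups is this example's own choice.

```powershell
# Added example: checks the two conditions described in the article.
# Assumes default hive location and an elevated PowerShell session.
$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'

# Well-known SIDs of low-privilege groups (independent of display language).
$lowPriv = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}
$sidType  = [System.Security.Principal.SecurityIdentifier]
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# Condition 1: an Allow ACE grants one of those groups read access to a hive.
$weakAces = foreach ($hive in $hives) {
    $path = Join-Path $configDir $hive
    $acl  = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPriv.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $readData)) {
            [pscustomobject]@{
                File      = $path
                Principal = $lowPriv[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

# Condition 2: a VSS shadow copy of the system drive exists.
$sysVolume = Get-CimInstance Win32_Volume |
    Where-Object { $_.DriveLetter -eq $env:SystemDrive }
$shadows = @(Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $sysVolume.DeviceID })

$weakAces | Format-Table -AutoSize
"Shadow copies of $($env:SystemDrive): $($shadows.Count)"
if ($weakAces -and $shadows.Count -gt 0) {
    'EXPOSED: hive files are readable by standard users and a shadow copy exists.'
} elseif ($weakAces) {
    'ACLs are too permissive, but no shadow copy of the system drive was found.'
} else {
    'No read access for standard users on the checked hive files.'
}
```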

With information from Tech Xplore