Microsoft is investigating a severe bug that could enable hackers to take control of your PC.
A new security flaw has been identified in recent versions of Windows that hackers could use to take over other people’s PCs, remotely installing programs, stealing data and passwords, and even locking users out of their machines. Microsoft says that all versions of Windows newer than Windows 10, version 1809, including the Windows 11 beta, could be affected.
One of the key security strategies to understand about Microsoft’s Windows is:
Zero Trust Security
While it is true that Microsoft is raising the hardware requirements considerably for Windows 11 (much more so than the company did for Windows 10), a lot has changed for Microsoft around security since the 2015 debut of Windows 10.
The rise of ransomware attacks, the Spectre and Meltdown side-channel vulnerabilities, and the massive SolarWinds hack have all affected Microsoft and its platforms in various ways.
The past year, in particular, has seen Microsoft become far more vocal and aggressive about the need to strengthen security. That has included an emphasis on urging enterprises to move to the cloud from on-premises infrastructure.
However, shifting to the cloud does not cure many of the top PC security issues, which leaves PCs as a weak link. That appears to be at least part of why Microsoft is pushing hardware security measures so hard with Windows 11.
One way to understand the larger goal for Microsoft is that the company is attempting to enable “zero trust” security for its customers, based on the principle that no client should be trusted by default, since it could be compromised.
Zero trust security will be a major focus at Microsoft’s Inspire 2021 partner conference next month, Microsoft Channel Chief Rodney Clark said in a recent interview with CRN.
“As a company, we have been concentrated on this thought of zero trust. We understand that any enterprise needs to embrace this to adapt to the intricacy in today’s secure environment,” Clark said. “There is no patch, per se, and no instant fix. And so the information to partners is because security is usually the No. 1 or the No. 2 areas of investment for our clients, [partners] also need an approach to zero trust.”
According to Microsoft’s bug report, the vulnerability is due to “overly permissive Access Control Lists (ACLs) on various system files, including the Security Accounts Manager (SAM) database.” The real-world effect of the bug has not yet been substantiated through case studies. Still, Microsoft’s report forecasts that such an attack is “likely”, because the targeted machines are highly vulnerable to such malware. To launch an attack, the hacker would need direct access to a person’s computer, which is possible either physically or by deceiving the operator of the target machine into downloading malware-laden files. Once inside a machine, the attacker can gain complete administrator control over it and “install programs; view, change or delete data; or create new accounts with full user rights.”
Microsoft will close the hole in future security updates for Windows 10 and 11, but users should stay alert until then. Users should practice common-sense data security: be wary of clicking unknown email links or downloading files from dubious websites. In addition, they should use reliable anti-malware programs.
There is also a temporary safeguard that restricts access to the targeted system files on your PC. It will keep hackers out, but it complicates recovering files with the System Restore feature, which is why it is not a foolproof long-term fix. Even so, it is worth taking measures to protect yourself from possible security breaches.
First, you need to limit access to the “%windir%\system32\config” system folder.
Use the taskbar to search for “PowerShell.” (The steps can also be performed in Command Prompt.)
Right-click “Windows PowerShell” from the results and press “Run as an administrator.”
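In PowerShell, type the following command: icacls $env:windir\system32\config\*.* /inheritance:e
(PowerShell does not expand %windir%; if you are using Command Prompt instead, type: icacls %windir%\system32\config\*.* /inheritance:e)
and press “Enter.”
Next, you need to delete your System Restore points. Make sure to do this only after you restrict access to %windir%\system32\config.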
Right-click “My PC” from the Windows File Explorer and select “Properties.”
Click “System Protection” from the left-hand drop-down menu.
Click to highlight your local hard drive in the “Available drives” list, then click “Configure.”
Click “Delete,” then “Continue” to confirm.
After deleting the old backups, you can create a new System Restore point if you want: return to the System Protection tab, highlight your drive, and then click “Create.” Add a description, such as the date and time, for the restore point, and then click “OK.”
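
To confirm that both steps of the workaround took effect, the following script is an added example (not part of the original article or of Microsoft's guidance). It checks whether the standard Users group can still read the registry hive files in the config folder, and lists any shadow copies (the storage behind System Restore points) that still exist. The function name Test-UsersCanRead is hypothetical; run the script in an elevated PowerShell window.

```powershell
# Added example: verify the workaround. Requires an elevated PowerShell window.
$configDir = Join-Path $env:windir 'System32\config'
$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users (same in every UI language)
$readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-UsersCanRead {
    param([Parameter(Mandatory)][string]$Path)
    # Request SIDs instead of names so the comparison works on localized systems.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ([int]$rule.FileSystemRights -band $readData) -ne 0) {
            return $true
        }
    }
    return $false
}

# 1. The hive files must no longer grant read access to ordinary users.
$hiveReport = foreach ($name in 'SAM', 'SYSTEM', 'SECURITY') {
    $path = Join-Path $configDir $name
    [pscustomobject]@{
        File         = $path
        UsersCanRead = Test-UsersCanRead -Path $path
    }
}
$hiveReport | Format-Table -AutoSize

# 2. Restore points are stored as volume shadow copies. A copy created before
#    the ACL change still holds the files with the old, permissive ACL.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize

if ($hiveReport.UsersCanRead -contains $true) {
    Write-Warning 'Users can still read a hive file: repeat the icacls step.'
}
if ($shadows.Count -gt 0) {
    Write-Warning 'Shadow copies exist: delete any created before the ACL change.'
}
```

A restore point created after the ACL change will also appear in the shadow copy list, so compare each InstallDate with the time you ran icacls.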