Microsoft is warning Windows 10/11 users that it will push the newest OS update, bypassing the usual deferral options, because of newly disclosed security vulnerabilities that attackers can exploit to gain administrator-level access. The update addresses flaws that let a local attacker delete files, install programs, and run arbitrary applications.
The Windows 10/11 update warning comes after SandboxEscaper, a notorious Windows vulnerability hunter, released a handful of exploits that allow anyone with local access to gain “full control” over Windows 10/11 and Server 2019 machines.
The disclosure comes at an awkward time for Microsoft. Ahead of the rollout of its latest Windows 10/11 update, Microsoft had promised to give users greater control, quality, and transparency in the update process. Users could, for instance, schedule updates, postpone them, or enable the Intelligent Active Hours option, a feature that automatically detects when a user is busy on the PC and schedules updates for when they are most likely away from it.
At the same time, the new Windows release was supposed to be less vulnerable to zero-day exploits. It now looks as though the company will have to break that promise and deliver the security patches without waiting for user consent.
Windows 10/11 Home users, who make up the majority of the 800 million plus Windows user base, will be hit hardest because they cannot defer updates of any kind. The only good news about the latest exploits, if any, is that they require local access: an attacker must already be able to run code on the machine to take advantage of them. That is in contrast to previous Windows 10/11 update problems, which deleted user data, slowed Chromium-based browsers, degraded gaming performance, and broke app updates.
Windows 10/11 Security Patches
Microsoft has promised patches for these vulnerabilities, but the company is hardly out of the woods yet. SandboxEscaper opted not to cooperate with the company on the vulnerabilities and instead released them on GitHub with proof-of-concept code and write-ups explaining how the exploits work.
The hacker is also reportedly looking to sell similar exploits to a “non-western buyer” for 60,000 in an unspecified currency. It is not the first time SandboxEscaper has released Windows zero-day exploits without following responsible disclosure practices. In 2018, for instance, the researcher disclosed a zero-day in the Windows Task Scheduler that could let a local attacker gain elevated privileges.
That exploit took advantage of a Task Scheduler API that did not properly check the caller's permissions. Microsoft later patched the flaw, but not before it was used in a spying campaign just two days after the disclosure.
It is this history that has Microsoft worried. On the one hand, it wants to keep its promise of giving users greater control over the update process; on the other, it has to play the cat-and-mouse game that zero-day hunters like SandboxEscaper engage in.
A Breakdown of the Four Windows 10/11 Vulnerabilities
The latest exploit, dubbed “ByeBear”, lets a local attacker bypass Microsoft's recent patch for CVE-2019-0841 and gain the ability to install programs and to view, change, or delete user data. The privilege escalation flaw exists because the Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
The second bypass for the CVE-2019-0841 patch, as described in SandboxEscaper's GitHub write-up, works by deleting all files and subfolders within c:\users\%username%\appdata\local\packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ and then launching Microsoft Edge twice. The browser crashes the first time, but on the second launch, she said, “it will write the DACL [discretionary access control list] while impersonating ‘SYSTEM’.”
That second launch results in an improper impersonation that gives the attacker elevated access: because the package folder sits under the user's own profile, the user controls what the entries in it point to, so a DACL written with SYSTEM privileges can land on a file the user could not otherwise modify. SandboxEscaper also noted that the bug is not restricted to Microsoft Edge and can be triggered with other packages.
Another zero-day in the batch involved Internet Explorer 11 and could let an attacker inject a dynamic link library (DLL) into the browser. The fourth was an “installer bypass” in Windows Update.
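The hard-link primitive behind this class of bug, shown as an added example that is neither SandboxEscaper's code nor anything from Microsoft: a privileged service re-applies permissions to files in a user-writable folder, and a hard link makes that write land on a file the user does not own. The Win32 calls cannot run here, so this is a POSIX analogue in Python in which a chmod stands in for the DACL write; the package folder name is the one from the write-up, while the "protected" file, the "service" functions and the file names are assumptions made for the demonstration. The hardened variant does what a fixed AppXSVC would need to do: refuse anything that is not a plain, singly-linked file, and perform the check and the write on the same open handle so that re-running the trigger (launching Edge twice) cannot race it.

```python
import os
import stat
import tempfile

# Real package folder name from the write-up; everything else below is constructed.
PACKAGE_DIR_NAME = "Microsoft.MicrosoftEdge_8wekyb3d8bbwe"


def attacker_plant_hardlink(package_dir, protected_file, name="settings.dat"):
    """Low-privilege user's move: turn a package-folder entry into a hard link to a
    file they cannot otherwise modify. A hard link is the same inode, so a
    permission change applied through the link lands on the protected file."""
    victim = os.path.join(package_dir, name)
    if os.path.lexists(victim):
        os.unlink(victim)
    os.link(protected_file, victim)
    return victim


def vulnerable_reset_permissions(package_dir, mode=0o666):
    """Privileged 'service' (AppXSVC-style): re-applies a permissive ACL to every
    file in the user's package folder, trusting the directory entries. Running
    as the privileged account, it follows the hard link blindly."""
    changed = []
    for entry in os.scandir(package_dir):
        if entry.is_file(follow_symlinks=False):  # a hard link *is* a regular file
            os.chmod(entry.path, mode)
            changed.append(entry.path)
    return changed


def hardened_reset_permissions(package_dir, mode=0o666):
    """Same operation, but refuses anything that is not a plain, singly-linked
    regular file, and checks and writes through one open descriptor."""
    changed, refused = [], []
    nofollow = getattr(os, "O_NOFOLLOW", 0)  # Linux/BSD; absent on Windows
    for entry in os.scandir(package_dir):
        try:
            fd = os.open(entry.path, os.O_RDONLY | nofollow)
        except OSError:  # symlink (ELOOP under O_NOFOLLOW) or unreadable entry
            refused.append(entry.path)
            continue
        try:
            st = os.fstat(fd)
            if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
                refused.append(entry.path)  # link count > 1: shared with a file elsewhere
                continue
            os.fchmod(fd, mode)  # write through the checked handle, not the path
            changed.append(entry.path)
        finally:
            os.close(fd)
    return changed, refused


def simulate(hardened):
    """Build a throwaway layout, run the attack against one of the two services,
    and return the protected file's resulting permission bits."""
    root = tempfile.mkdtemp(prefix="hardlink-demo-")
    protected = os.path.join(root, "protected.cfg")  # stands in for a SYSTEM-owned file
    with open(protected, "w") as fh:
        fh.write("constructed sample: only the owner should be able to write this\n")
    os.chmod(protected, 0o600)

    package_dir = os.path.join(root, PACKAGE_DIR_NAME)
    os.mkdir(package_dir)
    attacker_plant_hardlink(package_dir, protected)

    if hardened:
        hardened_reset_permissions(package_dir)
    else:
        vulnerable_reset_permissions(package_dir)
    return stat.S_IMODE(os.stat(protected).st_mode)


if __name__ == "__main__":
    print("vulnerable service: protected file mode %o" % simulate(hardened=False))  # 666
    print("hardened service:   protected file mode %o" % simulate(hardened=True))   # 600
```

On Windows the equivalent checks are the link count in BY_HANDLE_FILE_INFORMATION.nNumberOfLinks from GetFileInformationByHandle, opening with FILE_FLAG_OPEN_REPARSE_POINT so junctions and symlinks are not followed, and, above all, impersonating the calling user while touching anything under that user's profile so the kernel enforces the user's own access rights rather than SYSTEM's.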
Microsoft’s Response to the Security Vulnerabilities
On the Internet Explorer bug, this is what Microsoft had to say: “To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.” The statement underlines that the flaw requires local access rather than being remotely exploitable, which is why Microsoft appears to rate it as hard to take advantage of.
And that is all there is to say about the latest Windows 10/11 update warning, but before you go, we would recommend that you keep your system updated and free from malware and other threats by cleaning it with a PC repair tool, such as Outbyte PC Repair. That way, your PC will not be an easy target for malicious actors.