Make-me-admin holes found in Windows, Linux kernel
Move over, PrintNightmare. Microsoft has another privilege-escalation hole in Windows that can be potentially exploited by rogue users and malware to gain admin-level powers.
Recent builds of Windows 10, and the preview of Windows 11, have a misconfigured access control list (ACL) for the Security Account Manager (SAM), SYSTEM, and SECURITY registry hive files.
As a result of this blunder, non-administrative users may read these databases, if a VSS shadow copy of the system drive is present, and potentially use their contents to gain elevated privileges. According to a US-CERT advisory, the issue appears to affect Windows 10 build 1809 and newer.
Or, shorter, "a local authenticated attacker may be able to achieve [local privilege escalation], masquerade as other users, or achieve other security-related impacts." This can be used to thoroughly infect a system with malware, snoop on other users, and so on.
You may think you're safe because your Windows PC doesn't have a suitable VSS shadow copy, yet there are ways to end up quietly creating one and put your machine at risk.
