A Colombian security researcher has discovered a surprisingly simple Windows® 10 backdoor hack that can give practically any user account admin permissions. By tampering with the unique Relative Identifier (RID) associated with every Windows account, anyone can elevate their own account to administrator-level privileges on the system. To make matters worse, as of this writing, Microsoft® has yet to respond to this vulnerability.
The Ramifications of the Hack
For your average employee, having admin access carries little weight. Sure, maybe one can use their newfound admin abilities to turn off the pesky privacy features that their IT admin installed on their system. They could change another user’s account to have a silly meme instead of their profile photo, or change their account name to Mickey Mouse. But, petty office pranks aside, unchecked admin access is nothing but trouble.
An employee with unauthorized admin privileges and an ounce of malcontent is a dire threat to any organization. With the power granted by being an admin, bad actors can have a field day with sensitive company information, tamper with other users’ account settings, and even affect other admin accounts. The same could be said for a hacker exploiting this backdoor from the outside. The consequences are grave, to say the least.
Here at JumpCloud, we believe that this sort of vulnerability compromises the very core tenets of IT practice. That’s why our Directory-as-a-Service product is designed to prevent a similar occurrence. With Directory-as-a-Service, admins can strongly control the authorization of access to user accounts via a secure, remote admin console in the cloud. This authorization is carried out on an endpoint level by the JumpCloud Agent, which is downloaded and installed on each user’s system.
That last sentence may have set off alarm bells in the minds of some, and for good reason. Anything installed should be able to be uninstalled, right? And, if a user can uninstall their Agent, who’s to say they can’t change their permissions as well? Well, in their audit of the JumpCloud Directory-as-a-Service product in regards to GDPR, HIPAA, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/windows-10-backdoor-hack/