Monday, February 17, 2025
HomeData BreachNew Windows 10 Update System vulnerable to Hack with Critical security Flow

New Windows 10 Update System vulnerable to Hack with Critical security Flow

Published on

SIEM as a Service

Follow Us on Google News

The most recent adaptation of the Microsoft OS has gotten to be at the end of the day a point of examination, and this time it might convey terrible news for your organization’s security.

As the cybersecurity Expert Sami Laiho uncovered on his blog, each Windows 10 redesign represents a genuine hazard. Specifically, while your framework redesigns, anybody can take control of your corporate PCs.

This is a major issue and it has been there for quite a while,” clarifies Laiho. This genuine defect becomes possibly the most important factor when the OS restarts in the wake of introducing another redesign.

Once the framework is being redesigned, all you have to do to pick up control of it is to push Shift-F10 to get to the summon Gain access with administrator level Privilege .

In light of this, the perils that your organization appearances are multifaceted. In reality, any worker can take control of their PC as manager, get to secret reports, or get to the corporate system and make a difficult issue from inside the organization itself.

Laiho brings up that it is not important to utilize a particular programming to complete this cyberattack. Simply that guiltless blend of keys is sufficient to sow tumult.

As though that wasn’t sufficient, the danger is not restricted to the individuals who have physical access to the PC: “An outside risk having admittance to a PC sits tight for it to begin a move up to get into the framework,” clarifies Laiho.

Microsoft is evidently attempting to settle this genuine defect. Then, the most vital thing to forestall dangers is to depend on a satisfactory security arrangement, and not to put off Windows 10’s dull redesigns.

Disregard to what extent the upgrade takes. In a perfect world you would approve it quickly and remain with the PC at all circumstances.

This is the best way to make certain that no spectators take the driver’s seat of your PC. It is clearly imperative to disclose this to representatives.

Meanwhile, we’ll need to trust that they won’t lay hold of the framework themselves and sit tight for Microsoft to determine this basic weakness.

Why would a bad guy do this:

  1. An internal threat who wants to get admin access just has to wait for the next upgrade or convince it’s OK for him to be an insider
  2. An external threat having access to a computer waits for it to start an upgrade to get into the system

How to prevent:

  • Don’t allow unattended upgrades
  • Keep very tight watch on the Insiders
  • Stick to LTSB version of Windows 10 for now
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

CISA Warns of Active Exploitation of Apple iOS Security Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of...

Threat Actors Exploiting Modified SharpHide Tool to Conceal Registry Entries

Threat actors are leveraging a modified version of the SharpHide tool to create hidden...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Indian Post Office Portal Leak Exposes Thousands of KYC Records

The Indian Post Office portal recently exposed the sensitive Know Your Customer (KYC) data...

Global IoT Data Leak Exposes 2.7 Billion Records and Wi-Fi Passwords Worldwide

A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials,...

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

Threat actors from dark web forums claim to have stolen and leaked 20 million...