The Windows exploits seem to be rolling out this July!
Yesterday a new Windows Elevation of Privilege Vulnerability was shown to the public 🙁
CVE-2021-36934 – Security Update Guide – Microsoft – Windows Elevation of Privilege Vulnerability
New Windows 10 vulnerability allows anyone to get admin privileges (bleepingcomputer.com)
Workarounds
Restrict access to the contents of %windir%\system32\config
- Open Command Prompt or Windows PowerShell as an administrator.
- Run this command:
icacls %windir%\system32\config\*.* /inheritance:e
Delete Volume Shadow Copy Service (VSS) shadow copies
- Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
- Create a new System Restore point (if desired).
Impact of workaround: Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications.
Note: You must restrict access and delete shadow copies to prevent exploitation of this vulnerability.
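To confirm that both halves of the workaround took effect, this read-only PowerShell audit (an added example, not from the advisory or the original post) checks the files under %windir%\system32\config for read access granted to BUILTIN\Users and lists shadow copies older than the fix. The `$FixedAt` parameter is an assumption: it stands for the time you ran the icacls command.

```powershell
# Added example: read-only audit of the two workaround steps. Run elevated.
# Assumption: $FixedAt is when the icacls command was run (hypothetical parameter);
# the default of "now" flags every existing shadow copy.
param([datetime]$FixedAt = (Get-Date))

$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users (locale independent)
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType   = [System.Security.Principal.SecurityIdentifier]
$configDir = Join-Path $env:windir 'System32\config'

# Step 1: no file in the config folder should grant read access to BUILTIN\Users.
$exposed = foreach ($file in Get-ChildItem -LiteralPath $configDir -File -Force) {
    # Ask for the rules with SIDs so the check does not depend on localized names.
    $rules = (Get-Acl -LiteralPath $file.FullName).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $readData) -ne 0) {
            [pscustomobject]@{ File = $file.Name; Rights = $rule.FileSystemRights }
        }
    }
}

# Step 2: shadow copies taken before the ACL change still carry the old permissions.
$stale = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.InstallDate -lt $FixedAt } |
    Select-Object ID, VolumeName, InstallDate

if ($exposed) {
    'Files still readable by BUILTIN\Users:'
    $exposed | Format-Table -AutoSize
} else {
    'OK: BUILTIN\Users has no read access to files in the config folder.'
}

if ($stale) {
    "Shadow copies created before ${FixedAt}:"
    $stale | Format-Table -AutoSize
} else {
    'OK: no shadow copies predate the ACL change.'
}
```

The script changes nothing; any shadow copy it lists is one the workaround says to delete.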
New installs of 20H2 seem not to be affected, but systems upgraded to 20H2 from an earlier version have the flaw!
So hackers need to have physical or remote access to the computer somehow to get this exploit going, so whether to wait for a patch or apply the workaround is for each one to decide 🙂