ShiftDelete.net
FOLLOW US

New threat for Windows 10, 11! Hijacks administrator

RID Hacking threat has emerged in Windows 10 and 11 operating systems. In this way, attackers gain administrator authority.

New threat for Windows 10, 11! Hijacks administrator

Windows 10 and 11 operating systems are facing a new security threat known as RID Hacking. The Relative Identifier (RID) system serves as a unique identifier that determines a user’s access level. Through attacks targeting this system, a low-privilege user account can potentially be elevated to an administrator account. So, what measures can be taken to protect against this threat? Details are in our report…

Administrator Privileges Gained Through RID Hacking on Windows 10 and 11

To begin with, RID in Windows is a unique identifier assigned to every user. For instance, the RID value of an administrator account might be “500,” while that of a regular user could be “1000.” RID Hacking involves altering this value to escalate the privileges of an account. However, for this attack to occur, the attacker first needs to gain SYSTEM-level access to the system. Here’s the typical process an attacker follows:

windows-10-ve-11-icin-rid-tehdit-yonetici-hesabi
  1. SYSTEM access is obtained: The attacker exploits security vulnerabilities to gain SYSTEM-level access.
  2. A hidden account is created: Using the “net user” command, a low-privilege account is created, visible only in the SAM (Security Account Manager) registry.
  3. RID is modified: The attacker changes the RID value of this account to match that of an administrator account, effectively escalating its privileges.
  4. Remote access is enabled: The attacker adds the new account to the remote desktop users and administrator groups.
  5. Traces are erased: The attacker modifies registry data and clears system logs to hide their tracks.
Date revealed for vivo’s price/performance phone!

Date revealed for vivo’s price/performance phone!

Reliable industry sources said that vivo V50 will be launched in February. Here are the details about the model!

How Can This Threat Be Prevented?

To protect against attacks like RID Hacking, the following measures can be taken:

  • Restrict access to the SAM registry: Prevent unauthorized users from accessing this sensitive area.
  • Use multi-factor authentication: Add an extra layer of security for all accounts.
  • Block the use of suspicious tools: Limit the execution of tools commonly used in attacks, such as PsExec and JuicyPotato.
  • Disable guest accounts: Guest accounts, which are often enabled by default, pose security risks.

Experts warn that RID Hacking is a dangerous method because it is very difficult for users to detect such attacks. Once SYSTEM access is obtained, the attacker’s actions can persist even after the system is rebooted, leaving no trace.

What do you think about this threat? What measures are you taking to protect your systems? Share your thoughts in the comments below!

Microsoft
Windows 10

SDN Comments 0 Comments

Comment

Related News

Apple’s new smart home product is delayed until 2026!
Apple’s new smart home product is delayed until 2026!
BYD brought 7 thousand new vehicles to Turkey!
BYD brought 7 thousand new vehicles to Turkey!
The new Minecraft film broke the box office record!
The new Minecraft film broke the box office record!
Models that will receive the One UI 7 update in May
Models that will receive the One UI 7 update in May

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio