

There are major vulnerabilities in Win10, affecting the security of tens of millions of computers around the world

Posted by patinella at 2020-04-10

On October 14, researchers revealed that Microsoft's official tool, the Win10 Upgrade Assistant, has major security vulnerabilities affecting tens of millions of home and business users. The official name of the Upgrade Assistant in China is "Windows 10 Easy Upgrade". With this tool, users can easily update the system to the latest major version. Because it is an official tool used mainly to upgrade the operating system, the Upgrade Assistant runs with system-level permissions, which is also the main reason the vulnerability is so harmful.

The vulnerabilities found by the researchers:

After analyzing the software, researchers found that a vulnerability in one of its components can be used to escalate privileges, and that hackers can create accounts with the same rights as the user. For example, when the logged-in user has administrator rights, the hacker can also create a new administrator account, which can be used to install any backdoor program. With the help of these backdoors, the attacker can then monitor users, remotely read arbitrary files, steal confidential data and enterprise data, or even monitor user sessions. This vulnerability is therefore harmful to both home and enterprise users, but it can be resolved by directly uninstalling the Upgrade Assistant.

Affecting the security of tens of millions of computers around the world:

Because it is an official Microsoft tool, the Upgrade Assistant is not only downloaded and installed by users on their own initiative; Microsoft also pushes it automatically through system updates to help users upgrade. Users with older versions of Windows 7, 8.1, and 10 are likely to have the Upgrade Assistant installed automatically through system updates. It is conservatively estimated that Microsoft has installed it on at least 10 million computers worldwide. Fortunately, Microsoft has confirmed that this vulnerability can only be triggered after local authentication. Local authentication means that an attacker must first implant malware on the computer, remotely or by other means, and then use the Upgrade Assistant vulnerability to escalate privileges. For example, if an enterprise employee uses an account with ordinary permissions, the attacker can plant malware on the employee's computer through phishing, and then exploit the vulnerability to escalate to administrator level. So although the vulnerability is quite harmful, exploiting it is not easy. At the least, it is difficult for attackers to use it to launch large-scale network attacks.

Microsoft has released a new version to solve the problem:

After receiving the researchers' report, Microsoft fixed the vulnerability and released a new version. If the user has not disabled automatic updates, the assistant should already have been upgraded. If the user finds the KB4023814 update in system updates, that is the Upgrade Assistant. If you need to use it, you had better allow this update so that the vulnerability is fixed. Of course, the Upgrade Assistant frequently prompts users to upgrade, so users often complain about it. If users do not want to upgrade, it is better to uninstall the Upgrade Assistant directly. Direct uninstallation is a very simple and crude solution. Microsoft says uninstalling the Windows 10 Upgrade Assistant also resolves the potential security threat.