The Windows vulnerability gives everyone access to the computer without logging into the user account

by


Updated March 2023: Stop getting error messages and slow down your system with our optimization tool. Get it now at this link
  1. Download and install the repair tool here.
  2. Let it scan your computer.
  3. The tool will then repair your computer.

Users receive new Windows 7 security advisories every week reminding them of Internet attacks, downloaded malware and many other attacks users use to access a computer. What is rarely mentioned and no less important are the physical attacks to which a user is exposed when someone tries to attack his computer.

Take for example – you have a computer at work and one at home and sometimes you need to take your work home and have very important files stored on your computer at home, or you just don’t want someone to access your computer. The average user has a defense line to prevent people from connecting to your computer and doing what they want with your files. Advanced users know other methods such as setting a password via BIOS, but most users have no idea that you can do this.

Two weeks ago, I wrote a program that allows a user to replace the Ease Of Access button on the login screen. This has been designed as a way to give users more flexibility, as some users do not use the Ease Of Access button. (16)

In compiling this application, I came across something by chance. A small change in the code on my application, and not only could a user replace the Ease Of Access button, but the user could use it as a way to access someone’s computer from the login screen. All you had to do was replace the Ease Of Access button with a special native Windows tool!



March 2023 Update:

You can now prevent PC problems by using this tool, such as protecting you against file loss and malware. Additionally it is a great way to optimize your computer for maximum performance. The program fixes common errors that might occur on Windows systems with ease - no need for hours of troubleshooting when you have the perfect solution at your fingertips:

  • Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
  • Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
  • Step 3 : Click “Repair All” to fix all issues.

download



This would possibly allow a user to bypass all user passwords and allow the user to connect a flash drive … ; and remove everything he wanted from the computer. This would not only allow the user to delete files, but also to delete, modify or move any file on the computer, essentially destroying the operating system, which would require reinstallation.

Below you will find screenshots of my modified application at work:

User account test, password protected

My USB stick inserted. Indicates that there are no files on the drive

When I browse the test account, three files I created for testing are selected and copied.

Copy to USB stick.

Connection, with files I copied on thumb drive

I have been in contact with Microsoft through several emails explaining the problem, I have also provided Microsoft with all the details and code I use, and so far the response has not been very positive, as the employee I spoke to does not seem to think it is a problem. I am still waiting for their next response to see what steps Microsoft can take to solve this problem and I hope they will take the problem seriously.

This is the response of Microsoft representatives:

There are some behaviours that make this a problem that we would not consider a vulnerability based on my understanding of your report.

  1. To run an executable other than Admin, the file to be modified must be modified by an Admin. The modified utility can then also represent the Default user when logging in, but the change must be made by an administrator user.
  2. Physical access to the system is necessary to perform this behaviour. There are many malicious things a user can do with physical access to a system, and although we publish best practices for the physical security of computer resources, we cannot protect ourselves from physical access in its entirety.

The following link was provided by Microsoft, indicating that the problem was

#3 and (1)#6 on this list : 10 Invariant laws of security

What the Microsoft representative did not understand is that a user did not need to be an administrator to run the code. It can be used by anyone with sufficient knowledge

My point to Microsoft is simple. Replacing the Ease Of Access button shouldn’t be that easy. Better measures should have been taken to ensure that something so important cannot be changed because it is a central element of the login screen. If they cannot guarantee it, there should be an option not to display this button.

If others think this is a serious problem, please contact security (at) microsoft (dot) com and express your concerns.



Expert Tip: This repair tool scans the repositories and replaces corrupt or missing files if none of these methods have worked. It works well in most cases where the problem is due to system corruption. This tool will also optimize your system to maximize performance. It can be downloaded by Clicking Here

Post Views: 64
Related posts:
  1. How to ignore security issues when configuring a local user account on Windows 10
  2. Easy access to replacement: Replace the Easy Access button in Windows with useful tools
  3. How to enable or disable a Windows 10 user account
  4. How to set different screen resolutions for each user account in Windows 10/8/7