Hackers provide great insight into how Windows user sessions can be taken over and the information within the session easily accessed. While passwords can be reset for users by administrators, but it’s also possible for the session to be hijacked, even those sessions of administrators and system users, without having to know the password.
There are built-in command tools for Windows sessions that allow local users the ability to not only take over a session of a person logged into windows, but the person hacked into can have higher security clearance than the person doing the hacking. It’s a problem that works on just about every version of Windows, and there are no special privileges required. It’s hard to tell if this is even a Windows feature that is designed for the program or a security flaw that needs to be addressed.
This problem with Windows is not a new problem. Researchers had discovered that similar problems existed over six years ago when the technique was described by Benjamin Delpy.
The hacker is able to get into the system, gaining privileges that they shouldn’t have. Over time, the user could continue to hijack more and more secure sessions, gaining all types of access to sensitive data and applications that they can then use for their own profit. While a hijacker initially needed access to the machine being targeted, it’s also possible for an attack to be made remotely once the machine has already been hacked.
This problem was tested by Alexander Korznikov, who checked out Windows 10 and the newest versions of all Windows available, and the flaw still worked. A locked workstation made no difference as to whether the machine could be hacked or not.
Microsoft does not consider this flaw a security problem at all, stating that any person who already has administrative permission can do anything on the network anyway. Korznikov disagrees and is evident about how an individual who wants to use this flaw for their own gain can gather sensitive data.
The problem is, not everyone within an agency or business should have access to everything within the system. Billing systems can be hacked into, and secure information will be easy to access. Also, a hacker can try to access the system memory and gather passwords of users. This is a complicated process but can be done by the right person seeking information.
Security flaws exist in Microsoft, even if the company doesn’t believe it’s an actual risk. The company states that it isn’t a risk because a local admin has to log into the computer, which is how the system operates in the first place.
403Tech is one of the Top 50 Managed IT services companies in Canada.