A hacker from Israel managed to hack a Windows account in just one minute. He did it without knowing anything regarding the login information.
Alexander Korznikov is a security expert and managed to find a way to hack into a Windows account in just one minute. Kevin Beaumont, who is also a security expert, confirms that this is possible in every Windows version.
According to the hacker, in order to hack into Windows, the attacker needs physical acess to the computer, but he claims this can also be done remotely. For the hack to succeed, the target user needs to be logged in.
The attacker can use CMD commands to get advanced PC privileges. Using the NT AUTHORITY / SYSTEM account, a local account with the highest privileges, the attack can get into the session of another user without login information, and this takes just one minute to do.
Korznikov says that he is not the first to do this, but says that he is not sure if this is possible because of a zero day vulnerability or because of a feature planned in the operating system. Something similar was also done before by Benjamin Delpy back in 2011.
This may be a problem Microsoft was unwilling to solve. Even so, Delpy told Korznikov that this is a problem with the Windows API design, which allows the Administrator to do just about anything.
“If a user without privileges becomes administrator using a local technique to boost privileges, then we’re not just talking about a simple design, we’re talking about a problem” Delpy says.
Hey Microsoft, you gonna fix this or what ?