Windows OOBE Security Flaw Allows Full Admin Access
Microsoft's Windows Out-of-Box-Experience (OOBE), the initial setup process for new devices, has been found to contain a significant security vulnerability. This flaw allows users to bypass security restrictions and gain full administrative access to command prompt functions during the initial setup process.
The vulnerability exploits the 'defaultuser0' system account, which is a member of the local administrators group, providing extensive system access. Researchers have discovered an alternative method to launch the 'Run' dialog within OOBE, using the Win+R shortcut after focusing on another window like the on-screen keyboard tool. This enables users to launch an elevated command shell with administrator rights via the 'defaultuser0' account, circumventing the known limitations of the Shift+F10 shortcut. The 'cmd /k' command can be used to launch the command shell, granting users full administrative access to command prompt functions.
Microsoft has been notified about this security flaw, and it is recommended that users remain cautious during the initial setup process of their Windows devices until a patch is released. The vulnerability highlights the importance of robust security measures during the early stages of device access.
Read also:
- Web3 gaming platform, Pixelverse, debuts on Base and Farcaster networks
- Amazon customer duped over Nvidia RTX 5070 Ti purchase: shipped item replaced with suspicious white powder; PC hardware fan deceived, discovers salt instead of GPU core days after receiving defective RTX 5090.
- Infiltration of Estonian airspace by Russian military aircraft
- Cyber aggression intensifies by China-backed TA415 group, targeting Taiwan's semiconductor production and supply networks
