Windows 10 Backdoor Hack

By Zach DeMeyer Posted October 19, 2018

A Colombian security researcher has detected a surprisingly simple Windows® 10 backdoor hack that can enable practically any user account to gain admin permissions. By tinkering with the Relative Identifier (RID), the final component of the security identifier (SID) that distinguishes every Windows account, anyone can update their account to have nearly ultimate power in an IT organization. To make matters worse, as of this writing, Microsoft® has yet to respond to this vulnerability.
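As an added defender-side example (not from the original post), the Python below flags accounts in a set of SAM user keys whose stored RID no longer matches the RID encoded in the key name, which is the artifact a RID-tampering backdoor leaves behind. It assumes the F value layout documented by public SAM hive parsers (RID as a 32-bit little-endian value at offset 0x30), and the sample "hive" data is constructed; on a live system the SAM keys are readable only as SYSTEM, so a check like this is normally run against an exported hive.

```python
import struct

# Offset of the 32-bit little-endian RID inside a SAM user key's "F" value.
# Assumed from public SAM hive layout documentation (e.g. RegRipper's samparse).
RID_OFFSET = 0x30
BUILTIN_ADMIN_RID = 500


def rid_from_key_name(key_name: str) -> int:
    """SAM user subkeys are named by the account RID as 8 hex digits, e.g. '000003E9'."""
    return int(key_name, 16)


def rid_from_f_value(f_value: bytes) -> int:
    """Read the RID that the logon process will actually place in the user's SID."""
    if len(f_value) < RID_OFFSET + 4:
        raise ValueError("F value too short to contain a RID")
    return struct.unpack_from("<I", f_value, RID_OFFSET)[0]


def check_account(key_name: str, f_value: bytes) -> dict:
    """Compare the key-name RID with the stored RID and report any disagreement."""
    expected = rid_from_key_name(key_name)
    actual = rid_from_f_value(f_value)
    return {
        "key_name": key_name,
        "key_rid": expected,
        "f_rid": actual,
        "hijacked": expected != actual,
        "impersonates_admin": actual == BUILTIN_ADMIN_RID and expected != BUILTIN_ADMIN_RID,
    }


def scan_sam_users(users: dict) -> list:
    """Return findings for every account whose stored RID disagrees with its key name."""
    return [r for r in (check_account(k, v) for k, v in users.items()) if r["hijacked"]]


def make_f_value(rid: int) -> bytes:
    """Constructed minimal F value: zero padding with only the RID field populated."""
    buf = bytearray(0x50)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    return bytes(buf)


# Constructed sample "hive": three accounts, one of which has been tampered with.
SAMPLE_USERS = {
    "000001F4": make_f_value(500),   # built-in Administrator, consistent
    "000003E9": make_f_value(1001),  # ordinary user, consistent
    "000003EA": make_f_value(500),   # ordinary user whose F value now claims RID 500
}

if __name__ == "__main__":
    for finding in scan_sam_users(SAMPLE_USERS):
        print(f"{finding['key_name']}: key RID {finding['key_rid']} but stored RID {finding['f_rid']}")
```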

The Ramifications of the Hack

For your average employee, having admin access carries little weight. Sure, maybe one can use their newfound admin abilities to turn off the pesky privacy features that their IT admin installed on their system. They could change another user’s account to have a silly meme instead of their profile photo, or change their account name to Mickey Mouse. But, petty office pranks aside, unchecked admin access is nothing but trouble.

An employee with unauthorized admin privileges and an ounce of malcontent is a dire threat to any organization. With the power granted to an admin, bad actors can have a heyday with sensitive company information, tamper with other users’ account settings, and even affect other admin accounts. The same could be said for a hacker exploiting this backdoor from the outside. The consequences are grave, to say the least.

Directory-as-a-Safeguard

Here at JumpCloud, we believe that this sort of vulnerability compromises the very core tenets of IT practice. That’s why our Directory-as-a-Service product is designed to prevent a similar occurrence. With Directory-as-a-Service, admins can strongly control the authorization of access to user accounts via a secure, remote admin console in the cloud. This authorization is carried out on an endpoint level by the JumpCloud Agent, which is downloaded and installed on each user’s system.

That last sentence may have set off alarm bells in the minds of some, and for good reason. Anything installed should be able to be uninstalled, right? And, if a user can uninstall their Agent, who’s to say they can’t change their permissions as well? Well, in its audit of the JumpCloud Directory-as-a-Service product with regard to GDPR, HIPAA, and PCI DSS compliance, the independent auditing firm Coalfire Systems found a critical feature of the platform. In its tests, Coalfire found that the JumpCloud Agent could not be uninstalled by the user.

In practice, this result means that the average employee will not be able to change their admin/non-admin status without a lot of work. Add on top of that enforceable password complexity requirements, multi-factor authentication, and more, and your JumpCloud identities, admin or not, are made hypersecure. Additionally, per the Coalfire whitepapers referenced above, organizations properly leveraging Directory-as-a-Service will be on the right path towards GDPR, HIPAA, and PCI compliance to boot.

Learn More

To learn more about how you can avoid the Windows 10 backdoor hack with JumpCloud, consider contacting our expert team with questions. To see the power of JumpCloud in action, try scheduling a demo or signing up for Directory-as-a-Service. Your first ten users are included with the free sign-up, and they stay free forever.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
