With Windows 10, a junction directory can be created easily from a 'non-admin' account inside c:\Windows\System32.
Such actions would result in the creation of junction directories UNKNOWINGLY (to the Administrator) to random folders!!!
Creating the soft-link to 'c:\Windows\System32' requires admin privileges:
C:\Users\hacker>mklink c:\ProgramData\Hacker_test\test.txt c:\Windows\System32\sample.txt
Access is denied.
But creating a junction directory does not require any admin privileges, which is the SECURITY VULNERABILITY.
C:\Users\hacker>mklink /J c:\ProgramData\Hacker_test c:\Windows\System32
Junction created for c:\ProgramData\Hacker_test <<===>> c:\Windows\System32
So the higher-privileged Windows services running with NT AUTHORITY\SYSTEM privileges, writing/reading logs/data/configuration, can be redirected to any WINDOWS LOCATION (even to c:\Windows\System32) by a 'non-admin' user (using mklink /J).
Has Windows released any security patch for it?
If not, how can a Windows service restrict the creation of junction directories (by a 'non-admin' user) for the files (logs/data/configuration) to which it is writing/reading?
Any help would be greatly appreciated.
Thanks,
Vinay
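
One way a service or its installer could check a data directory before using it, as an added example that is not part of the original post: it walks the directory and every parent and reports any component that is a reparse point (junction or symbolic link). The function name `Find-ReparsePointInPath` is hypothetical, and the path is the directory name from the post used as a stand-in for a service's log/data directory.

```powershell
# Added example: detect junctions/symlinks anywhere in a service's data path.
# Find-ReparsePointInPath is a hypothetical helper name, not a built-in cmdlet.
function Find-ReparsePointInPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $findings = @()
    # Normalize to a full path; the leaf does not have to exist yet.
    $current = [System.IO.Path]::GetFullPath($Path)

    while ($current) {
        if (Test-Path -LiteralPath $current) {
            # -Force so hidden/system directories are inspected too.
            $item = Get-Item -LiteralPath $current -Force
            if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
                $findings += [pscustomobject]@{
                    Path     = $item.FullName
                    LinkType = $item.LinkType   # e.g. Junction or SymbolicLink
                    Target   = $item.Target     # where the link redirects to
                }
            }
        }
        # Step up one level; GetDirectoryName returns $null at the drive root.
        $current = [System.IO.Path]::GetDirectoryName($current)
    }
    return $findings
}

# Stand-in for the directory a SYSTEM service writes logs/data into.
$serviceDir = 'C:\ProgramData\Hacker_test'

$hits = Find-ReparsePointInPath -Path $serviceDir
if ($hits) {
    $hits | Format-Table -AutoSize
    throw "Refusing to use '$serviceDir': a path component is a reparse point."
}
```

This is a point-in-time check, so it complements rather than replaces having the service create its directory up front with an ACL that gives non-admin users no write or delete access to it. A junction can only be created where the user is allowed to create a directory.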