Vulnerability detected in Microsoft Windows 10

Vinay Kumar 1 Reputation point
2021-02-24T07:14:03.87+00:00

With Windows 10, a junction directory can be created easily from a 'non-admin' account inside c:\Windows\System32.
Such actions would result in the creation of junction directories UNKNOWINGLY (to the Administrator) to random folders!!!

Creating the soft-link to 'c:\Windows\System32' requires admin privileges:

C:\Users\hacker>mklink c:\ProgramData\Hacker_test\test.txt c:\Windows\System32\sample.txt
Access is denied.

But creating a junction directory does not require any admin privileges, which is the SECURITY VULNERABILITY.

C:\Users\hacker>mklink /J c:\ProgramData\Hacker_test c:\Windows\System32
Junction created for c:\ProgramData\Hacker_test <<===>> c:\Windows\System32

So higher-privileged Windows services running with NT AUTHORITY\SYSTEM privileges and writing/reading logs/data/configuration can be redirected to any WINDOWS LOCATION (even to c:\Windows\System32) by a 'non-admin' user (using mklink /J).

Has Windows released any security patch for it?
If not, how can a Windows service restrict the creation of junction directories (by a 'non-admin' user) for the files (logs/data/configuration) to which it is writing/reading?

Any help would be greatly appreciated.

Thanks,
Vinay
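
An added example, not part of the original post and not Microsoft's code: a PowerShell audit for the situation described above. It walks every component of a directory that a SYSTEM service writes to, flags reparse points (junctions and symbolic links), and lists SIDs outside a trusted set whose ACEs allow adding or deleting entries there, since creating a junction needs write access to the directory that will contain it. The function name `Get-ServicePathAudit` and the sample path are hypothetical.

```powershell
# Added example. 'C:\ProgramData\ExampleService\logs' is a hypothetical
# service data directory; substitute the path your service really uses.
function Get-ServicePathAudit {
    param([Parameter(Mandatory)][string]$Path)

    # SIDs treated as trusted: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that let a principal add, replace or re-permission directory entries.
    # ACEs expressed only as generic rights are not decoded by this check.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]

    $current = $Path
    while ($current) {
        if (Test-Path -LiteralPath $current) {
            # -Force so hidden/system directories are returned as well.
            $item = Get-Item -LiteralPath $current -Force
            $isReparse = [bool]($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)

            # Explicit and inherited Allow ACEs, identities returned as SIDs.
            $writers = (Get-Acl -LiteralPath $current).GetAccessRules($true, $true, $sidType) |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $writeMask) -and
                    ($trusted -notcontains $_.IdentityReference.Value)
                } |
                ForEach-Object { $_.IdentityReference.Value }

            [pscustomobject]@{
                Path             = $current
                IsReparsePoint   = $isReparse
                LinkType         = $item.LinkType          # Junction / SymbolicLink / empty
                Target           = $item.Target -join ';'
                UntrustedWriters = ($writers | Sort-Object -Unique) -join ','
            }
        }
        # GetDirectoryName returns $null at the drive root, which ends the loop.
        $current = [System.IO.Path]::GetDirectoryName($current)
    }
}

Get-ServicePathAudit -Path 'C:\ProgramData\ExampleService\logs' | Format-Table -AutoSize
```

Any row with `IsReparsePoint` set to True, or with a non-empty `UntrustedWriters` column on the service directory or one of its parents, marks a component where a write by the service could be redirected.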


2 answers

  1. Reza-Ameri 17,231 Reputation points Moderator
    2025-05-19T19:37:58.76+00:00

    Hi,

    In case you believe this is a valid vulnerability, please prepare a proof of concept and report it to the MSRC. Have a look at:

    https://msrc.microsoft.com/report/vulnerability


  2. Xiaowei He 9,931 Reputation points
    2021-02-25T07:25:03.467+00:00

    Hi,

    It's recommended to send feedback to Microsoft with the Feedback Hub app:

    https://support.microsoft.com/en-us/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332

    Thanks for your time!
    Best Regards,
    Anne
