Vulnerability in Windows 10 allows files to be created in system folders



Reverse engineer Jonas Lykkegaard reported a vulnerability in Windows 10 that allows files to be created in restricted areas of the operating system. Although the vulnerability is only present on devices with Hyper-V enabled, it could be a useful tool for attackers.

The problem affects most editions of Windows 10 and is extremely easy to exploit. Lykkegaard posted a tweet demonstrating how an unprivileged user could create an arbitrary file in the system32 folder, which contains vital files of Windows and installed software.

To demonstrate this, the researcher created an empty phoneinfo.dll file in system32. Typically, making changes to this folder requires elevated privileges, but this restriction does not apply when Hyper-V is enabled, Lykkegaard explains. Since the file's creator is also its owner, an attacker can use this opportunity to inject malicious code that will run with elevated privileges.

The Hyper-V hypervisor allows you to create virtual machines on systems running Windows 10. Regular users do not need this feature, but enabling Windows Sandbox, which was introduced with the Windows 10 May 2019 Update, automatically turns on Hyper-V.

CERT/CC analyst Will Dormann confirmed the existence of the vulnerability and noted that exploiting it would not be difficult. According to him, the problem lies in the server component storvsp.sys (Storage VSP - Virtualization Service Provider).
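
A defender-side audit for the condition described above, added here as an example and not taken from the article or from the researchers it quotes: it reports whether Hyper-V or Windows Sandbox is enabled and lists files in system32 whose owner is not SYSTEM, Administrators or TrustedInstaller. The function names are hypothetical, and the script assumes an elevated 64-bit PowerShell session.

```powershell
# Added example (not from the article). Assumes an elevated 64-bit PowerShell session.
# SIDs are used instead of account names so the check works on localized systems.
$trustedOwners = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Hypothetical helper: report the optional features that turn the hypervisor on.
function Get-HyperVExposure {
    foreach ($name in 'Microsoft-Hyper-V-All', 'Containers-DisposableClientVM') {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
        if ($feature) {
            [pscustomobject]@{ Feature = $feature.FeatureName; State = $feature.State }
        }
    }
}

# Hypothetical helper: list files whose owner is outside the trusted set.
# A file created by an unprivileged user is owned by that user, which is the
# property the article says makes the planted file writable by its creator.
function Find-UnexpectedOwner {
    param([string]$Path = "$env:SystemRoot\System32")

    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
                $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                return  # unreadable ACL: skip this file and continue with the next
            }
            if ($trustedOwners -notcontains $sid) {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Owner      = $acl.Owner
                    OwnerSid   = $sid
                    IsEmpty    = ($_.Length -eq 0)   # the demo file was empty
                    CreatedUtc = $_.CreationTimeUtc
                }
            }
        }
}

Get-HyperVExposure | Format-Table -AutoSize
Find-UnexpectedOwner | Sort-Object CreatedUtc -Descending | Format-Table -AutoSize
```

Hits are leads for triage rather than proof of compromise, since some installers legitimately leave files owned by other service accounts.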