CP
cyberpings
VulnerabilitiesHIGH

Windows 11's New Admin Protection Faces Bypass Vulnerabilities

GPGoogle Project Zero
Windows 11Administrator ProtectionUACvulnerabilitiesMicrosoft
🎯

Basically, Windows 11 introduced a feature to protect admin access, but hackers found ways around it.

Quick Summary

Windows 11's new Administrator Protection feature has been compromised. Vulnerabilities allow attackers to bypass security measures, risking user data. Microsoft has released patches, but vigilance is essential for users.

What Happened

A significant security feature called Administrator Protection was introduced in Windows 11, 25H2. This feature aims to enhance security by allowing local users to access administrator privileges only when absolutely necessary. However, during its testing phase, vulnerabilities were discovered that could allow attackers to bypass this protection and gain full administrator rights silently.

The vulnerabilities were identified during the insider preview builds of Windows 11. Security researcher reports indicated that there were nine separate vulnerabilities that could exploit this new feature. Thankfully, Microsoft acted quickly, fixing these issues either before the official release or in subsequent security updates. However, as of December 1, 2025, Microsoft has disabled the Administrator Protection feature due to an unrelated application compatibility issue.

Why Should You Care

You might wonder why this matters to you. If you use Windows 11, this feature was designed to enhance your security, protecting your personal data and system from malicious actors. Imagine having a strong lock on your front door, but if someone finds a way to pick it, your home becomes vulnerable.

Administrator Protection was meant to prevent malware from easily gaining access to your system. If these vulnerabilities remain, it could lead to unauthorized access to your files, sensitive information, or even financial data. This means that your online safety could be at risk, especially if you frequently use your computer for banking or shopping.

What's Being Done

Microsoft has been proactive in addressing these vulnerabilities. They have already released patches to fix the identified issues. Here’s what you should do right now:

  • Ensure your Windows 11 is updated with the latest security patches.
  • Stay informed about any future updates regarding the Administrator Protection feature.
  • Regularly check for any unusual activity on your system.

Experts are closely monitoring the situation to see if any new vulnerabilities arise as Microsoft works to resolve the compatibility issues. Keeping your system updated is crucial to maintaining your security.

🔒 Pro insight: The rapid identification of vulnerabilities in Administrator Protection highlights ongoing challenges in user privilege management across Windows environments.

Original article from

Google Project Zero

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Vulnerabilities in IP KVMs - Security Risks Exposed

Researchers disclosed nine vulnerabilities in IP KVMs from four manufacturers, exposing networks to serious risks. Many devices remain unpatched, making them easy targets for attackers. It's crucial for admins to secure these devices promptly.

Ars Technica Security·
CRITICALVulnerabilities

Vulnerabilities in Schneider Electric SCADAPack - Urgent Alert

Schneider Electric has revealed a critical vulnerability in its SCADAPack RTUs. This flaw could allow unauthorized access, risking system integrity and safety. Immediate updates are essential for protection.

CISA Advisories·
HIGHVulnerabilities

Vulnerability in Schneider Electric EcoStruxure IT Software

Schneider Electric has revealed a serious vulnerability in its EcoStruxure IT Data Center Expert software. This flaw could allow hackers to access sensitive information. Users must act quickly to apply the necessary patches or mitigations to secure their systems.

CISA Advisories·
HIGHVulnerabilities

CODESYS Vulnerabilities - Critical Flaws in Festo Suite

Critical vulnerabilities have been discovered in CODESYS within Festo Automation Suite. Users must upgrade to the latest versions to avoid severe risks. Stay secure by applying updates promptly.

CISA Advisories·
HIGHVulnerabilities

Siemens SICAM SIAPP SDK - Multiple Vulnerabilities Found

Siemens has identified multiple vulnerabilities in its SICAM SIAPP SDK. Users are urged to update to version 2.1.7 to avoid potential disruptions. This is crucial for maintaining operational integrity in critical manufacturing sectors.

CISA Advisories·
HIGHVulnerabilities

AWS Bedrock AgentCore - Critical Sandbox Bypass Vulnerability

A serious flaw in AWS Bedrock's Sandbox mode allows attackers to create covert C2 channels and exfiltrate sensitive data. Users must transition to VPC mode for better security.

Cyber Security News·