Windows PCs Vulnerable To RID Hijacking; Grants Full System Access To Attackers


A security researcher named Sebastián Castro has uncovered a way of gaining admin rights and boot persistence on Windows PCs that is not only simple to execute but hard to stop as well.

RID Hijacking

This technique manipulates a parameter of Windows user accounts named Relative Identifier (RID). Account security identifiers (SIDs) that define a user’s permissions group, typically have a RID code appended at the end.

While there are several different RIDs available, the most commonly used ones are 500 for admin accounts and 501 for the standard guest account.

By manipulating the registry keys that store information about each Windows account, one can modify the RID associated each account.

RID hijacking

This RID can be changed and assigned to another account group which would also modify the permissions associated with it. Hence the term ‘RID Hijacking.’

Even though this method cannot be used remotely to hack a computer (unless it’s unprotected with a password and left exposed on the internet), attackers can gain control of a system either by malware or brute force.

They can simply grant admin permissions to a compromised low-level account, and thus create a permanent backdoor on a Windows PC with full system access.

To make it worse, this attack can be deployed without triggering an alert to the victim and works on Windows versions XP to 10 and from Server 2003 to Server 2016.

No response from Microsoft

What’s even more troubling is the fact that this exploit was found way back in December 2017 and Microsoft was notified about the same. But the company never responded or patched the vulnerability.

Thankfully, this technique has gone unnoticed by malware authors or at least no such incidents involving RID hijacking have surfaced yet.

Also Read: GitHub Introduces New ‘Actions’ Feature To Automate Software Development
Manisha Priyadarshini

Manisha Priyadarshini

An Editor and a Tech Journalist with a software development background. I am a big fan of technology and memes. At Fossbytes, I cover all aspects of tech but my specific area of interest is Programming and Development.
More From Fossbytes

Latest On Fossbytes

Find your dream job