
Windows PCs Vulnerable To RID Hijacking; Grants Full System Access To Attackers

October 18, 2018 by Kam Links

A security researcher named Sebastián Castro has uncovered a way of gaining admin rights and boot persistence on Windows PCs that is not only simple to execute but also hard to stop.

RID Hijacking

This technique manipulates a parameter of Windows user accounts named the Relative Identifier (RID). Account security identifiers (SIDs), which define a user’s permissions group, typically have a RID code appended at the end.

While there are several different RIDs available, the most commonly used ones are 500 for admin accounts and 501 for the standard guest account.

By manipulating the registry keys that store information about each Windows account, one can modify the RID associated with each account.


This RID can be changed and assigned to another account group, which would also modify the permissions associated with it. Hence the term ‘RID Hijacking.’

Even though this method cannot be used remotely to hack a computer (unless it is not protected by a password and is left exposed on the internet), attackers can gain control of a system either by malware or brute force.

They can simply grant admin permissions to a compromised low-level account, and thus create a permanent backdoor on a Windows PC with full system access.

To make it worse, this attack can be deployed without triggering an alert to the victim and works on Windows versions XP to 10 and from Server 2003 to Server 2016.
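Because the change is silent, the practical check is a consistency audit of the account data itself. The Python below is an added example, not code from the article or from the researcher: it compares the RID implied by each account key's name with the RID recorded inside that key's data and reports any mismatch. The storage layout it relies on (key named after the RID in hex, RID repeated at offset 0x30 of the "F" value) is an assumption taken from public research on this technique, and the function names and sample records are constructed for illustration.

```python
import struct

# Assumption (public research on this technique, not stated in the article):
# each local account has a key named after its RID in 8-digit hex, and that
# key's binary "F" value repeats the RID as a little-endian DWORD at 0x30.
RID_OFFSET = 0x30
BUILTIN = {500: "Administrator", 501: "Guest"}  # RIDs named in the article

def stored_rid(f_value: bytes) -> int:
    """Return the RID recorded inside an exported F value."""
    if len(f_value) < RID_OFFSET + 4:
        raise ValueError("F value too short to hold a RID")
    return struct.unpack_from("<I", f_value, RID_OFFSET)[0]

def audit(accounts):
    """accounts: iterable of (key_name_hex, account_name, f_value_bytes).
    Returns (account_name, key_rid, stored_rid_or_None, note) per finding."""
    findings = []
    for key_hex, name, f_value in accounts:
        key_rid = int(key_hex, 16)
        try:
            rid = stored_rid(f_value)
        except ValueError as exc:
            # Unparseable data is reported, not silently skipped.
            findings.append((name, key_rid, None, str(exc)))
            continue
        if rid != key_rid:
            note = "stored RID differs from key name"
            if rid in BUILTIN:
                note += f"; resolves to built-in {BUILTIN[rid]}"
            findings.append((name, key_rid, rid, note))
    return findings

def make_f_value(rid: int) -> bytes:
    """Constructed 80-byte stand-in for an exported F value (test data only)."""
    return bytes(RID_OFFSET) + struct.pack("<I", rid) + bytes(28)

# Constructed sample export: one consistent admin, one Guest carrying RID 500,
# one ordinary user, and one truncated record.
SAMPLE = [
    ("000001F4", "Administrator", make_f_value(500)),
    ("000001F5", "Guest", make_f_value(500)),
    ("000003E9", "alice", make_f_value(1001)),
    ("000003EA", "bob", bytes(16)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the constructed sample, the audit reports the Guest record (key RID 501, stored RID 500) and the truncated record, and passes the two consistent accounts.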

No response from Microsoft

What’s even more troubling is that this exploit was found back in December 2017 and Microsoft was notified about it, but the company never responded or patched the vulnerability.

Thankfully, this technique has gone unnoticed by malware authors, or at least no incidents involving RID hijacking have surfaced yet.


Credit: Fossbyte
