
Windows PCs Vulnerable To RID Hijacking; Grants Full System Access To Attackers

October 18, 2018 by Kam Links

A security researcher named Sebastián Castro has uncovered a way of gaining admin rights and boot persistence on Windows PCs that is not only simple to execute but also hard to stop.

RID Hijacking

This technique manipulates a parameter of Windows user accounts called the Relative Identifier (RID). Account security identifiers (SIDs), which define a user’s permissions group, typically have a RID code appended at the end.

While there are several different RIDs available, the most commonly used ones are 500 for admin accounts and 501 for the standard guest account.

By manipulating the registry keys that store information about each Windows account, one can modify the RID associated with each account.


This RID can be changed and assigned to another account group which would also modify the permissions associated with it. Hence the term ‘RID Hijacking.’
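The RID is the last sub-authority of a SID, so a defender can decode SIDs and check that no two account names resolve to the same RID. The following is an added example, not code from the article or the researcher; it assumes an inventory of (account name, binary SID) pairs has already been exported, and the account names, machine identifier and `make_sid` helper are constructed for illustration.

```python
import struct
from collections import defaultdict

WELL_KNOWN = {500: "built-in administrator", 501: "built-in guest"}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-<rev>-<authority>-<sub>... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_rid(sid: str):
    """Return (domain part, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def audit(accounts):
    """accounts: iterable of (name, binary SID). Flags RIDs held by more than one name."""
    by_sid = defaultdict(list)
    for name, raw in accounts:
        by_sid[split_rid(parse_sid(raw))].append(name)
    findings = []
    for (domain, rid), names in sorted(by_sid.items()):
        if len(names) > 1:
            label = WELL_KNOWN.get(rid, "account")
            findings.append(f"RID {rid} ({label}) shared by {', '.join(names)}")
    return findings

def make_sid(rid, machine=(1111111111, 2222222222, 3333333333)):
    """Build a constructed machine-local SID S-1-5-21-<machine>-<rid> (sample data only)."""
    subs = (21, *machine, rid)
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample inventory: 'svc_backup' resolves to the administrator RID.
SAMPLE = [
    ("Administrator", make_sid(500)),
    ("Guest", make_sid(501)),
    ("alice", make_sid(1001)),
    ("svc_backup", make_sid(500)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
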

Even though this method cannot be used remotely to hack a computer (unless it’s unprotected with a password and left exposed on the internet), attackers can gain control of a system either by malware or brute force.

They can simply grant admin permissions to a compromised low-level account, and thus create a permanent backdoor on a Windows PC with full system access.

To make it worse, this attack can be deployed without triggering an alert to the victim and works on Windows versions XP to 10 and from Server 2003 to Server 2016.

No response from Microsoft

What’s even more troubling is that this exploit was found back in December 2017 and Microsoft was notified about it. But the company never responded or patched the vulnerability.

Thankfully, this technique has gone unnoticed by malware authors, or at least no incidents involving RID hijacking have surfaced yet.


Credit: Fossbyte
