Hackers can exploit Safe mode in Windows to launch security attacks


When you think of Safe Mode, your first association is probably a reduced risk of malicious attack on your computer. Because Safe Mode runs only essential, first-party programs in Windows, it is often used for fixing security and other system problems.

However, there’s one contradiction. Although Safe Mode’s purpose is to provide a risk-free environment, it can actually leave your computer in danger if a hacker takes full advantage of it. According to researchers at CyberArk Labs, while not running the majority of programs is good for your security, it can also be very bad at the same time.

If an attacker has remote access to a user’s computer, he can boot it into Safe Mode and launch an attack. Since all potential security programs and antiviruses are turned off, there would be nothing to stop malicious software.

“Sure, the attacker can arbitrarily force a restart, but this will likely look suspicious to the user and prompt a phone call to the IT team,” says CyberArk researcher Doron Naim, writing on the company’s blog. “Instead, to stay under the radar, the attacker can also either wait until the next restart or show the victim an ‘update’ window with a message that says the PC must be rebooted. This ‘update’ window can purposely be designed to look like a legitimate Windows pop-up.”

Once attackers are in Safe Mode, they can easily capture important user data like credentials and even execute pass-the-hash attacks to break into other computers on the same network.

Although completely removing this risk is almost impossible, there are some security measures recommended for enterprises. Admins can remove administrator privileges from normal users so that attackers are not able to switch from Normal to Safe mode, rotate privileged credentials, make security tools available in Safe Mode, and continuously monitor any suspicious activity that involves PCs booting into Safe Mode.
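
As an added example (not from the article or from CyberArk), the PowerShell script below audits a single host for two of the measures above: whether the machine is in, or about to boot into, Safe Mode, and whether its security tools are registered to start there. The service names in `$SecurityServices` are assumptions to be replaced with your own agents' names, and the script is assumed to run from an elevated prompt.

```powershell
# Added example: Safe Mode exposure audit for one Windows host (run elevated).
# $SecurityServices is an assumed list; 'ExampleEdrAgent' is a placeholder name.
param(
    [string[]]$SecurityServices = @('WinDefend', 'ExampleEdrAgent')
)

# Services and drivers listed under these keys are allowed to start in Safe Mode.
$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

# 1. How did this machine boot? BootupState is "Normal boot",
#    "Fail-safe boot" or "Fail-safe with network boot".
$bootState = (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState

# 2. Is the next boot already set to Safe Mode? bcdedit lists a "safeboot"
#    element on the current boot entry when it is. Reading the BCD store
#    needs elevation, so report "unknown" if the call fails.
$bcd = & bcdedit.exe /enum '{current}' 2>$null
if ($LASTEXITCODE -ne 0) {
    $pendingSafeBoot = 'unknown (bcdedit failed; run elevated)'
} else {
    $pendingSafeBoot = [bool]($bcd | Select-String -Pattern '^\s*safeboot\s' -Quiet)
}

# 3. Which security services would still start in Safe Mode?
$coverage = foreach ($svc in $SecurityServices) {
    [pscustomobject]@{
        Service         = $svc
        Installed       = [bool](Get-Service -Name $svc -ErrorAction SilentlyContinue)
        SafeModeMinimal = Test-Path -Path "$safeBootRoot\Minimal\$svc"
        SafeModeNetwork = Test-Path -Path "$safeBootRoot\Network\$svc"
    }
}

# Host summary first, then per-service coverage.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    BootupState     = $bootState
    InSafeModeNow   = $bootState -ne 'Normal boot'
    SafeBootPending = $pendingSafeBoot
} | Format-List

$coverage | Format-Table -AutoSize
```

A host showing `SafeBootPending : True` without a matching support ticket, or an installed security service with both Safe Mode columns `False`, is what the monitoring recommendation above is meant to surface.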
