Hackers can exploit Safe mode in Windows to launch security attacks

By: Ivan Jenic
2 minute read

When you think of Safe Mode, your first association is reduced risk from malicious attack for your computer. As Safe Mode runs only essential, first party programs in Windows, it is often used for fixing various security and other system problems.

However, there’s one contradiction. Although Safe Mode’s purpose is to provide a risk-free environment, it can actually leave your computer in danger if a hacker takes a full advantage out of it. According to researchers at CyberArk Labs, while not running the majority of programs is actually good for your security, it can also be very bad at the same time.

If an attacker has remote access to a user’s computer, he can boot into Safe Mode and launch an attack. Since all potential security programs and antiviruses are turned off, there would be nothing to stop a malicious software.

“Sure, the attacker can arbitrarily force a restart, but this will likely look suspicious to the user and prompt a phone call to the IT team,” says CyberArk researcher Doron Naim writing on the company’s blog. “Instead, to stay under the radar, the attacker can also either wait until the next restart or show the victim an ‘update’ window with a message that says the PC must be rebooted. This ‘update’ window can purposely be designed to look like a legitimate Windows pop-up”.

Once attackers are in Safe Mode, they can easily capture important user data like credentials and even execute pass-the-hash attacks to break into other computers on the same network.

Although completely removing this risk is almost impossible, there are some security measures recommended for enterprises. Admins can remove administrator privileges from normal users so that attackers are not able to switch from Normal to Safe mode, rotate privileged credentials, make security tools available in Safe Mode, and continuously monitor any suspicious activity that involves PCs booting into Safe Mode.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions