Windows 8 Security Hole Allows Users to Reset Account Passwords in Minutes

Yet another security flaw affecting Microsoft’s new operating system

By on December 14th, 2012 06:47 GMT

Windows 8 was designed to be a much more secure operating system, so it bundles several new tools and improved features to make sure that it’s harder to break into than any other Windows version.

Sadly, it appears that Microsoft has forgotten to fix an important password reset hack that also works on Windows 8’s predecessors, including Windows Vista and Windows 7.

Reboot.pro user Jamal Naji has found a way to reset the Windows 8 login password using only the built-in troubleshooting tools, so no third-party software is required.

While we won’t provide detailed instructions on how to do this, it’s worth mentioning that the entire password reset trick comes down to replacing the Ease of Access app (and its process called utilman.exe) with a copy of a Command Prompt executable file (cmd.exe) with full administrator privileges.

That would obviously grant anyone full access to a Windows 8 computer, so with a few more commands, the password could be changed in minutes.
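
A defender-side check for the replacement described above, added here as an example and not taken from the article or from Microsoft: it flags a utilman.exe that is byte-identical to cmd.exe or whose version resource identifies it as Command Prompt. The function name Test-UtilmanReplaced and its -SystemDir parameter are assumptions made for this example, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example, not from the article: report whether utilman.exe looks like
# a copy of cmd.exe. Test-UtilmanReplaced and -SystemDir are hypothetical names.
function Test-UtilmanReplaced {
    [CmdletBinding()]
    param(
        # Assumption: a live System32 folder, or the same folder inside an
        # offline-mounted image (for example D:\Windows\System32).
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman = Join-Path $SystemDir 'utilman.exe'
    $cmd     = Join-Path $SystemDir 'cmd.exe'

    foreach ($path in $utilman, $cmd) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "Required file not found: $path"
        }
    }

    # Check 1: the two files have exactly the same content.
    $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    $sameBytes = $utilHash -eq $cmdHash

    # Check 2: the embedded version resource names Command Prompt. This still
    # fires when the copy came from a different build than the installed
    # cmd.exe, where the hashes would not match.
    $info = (Get-Item -LiteralPath $utilman).VersionInfo
    $cmdMetadata = ($info.OriginalFilename -like 'cmd.exe*') -or
                   ($info.InternalName -eq 'cmd')

    [pscustomobject]@{
        Path               = $utilman
        Sha256             = $utilHash
        OriginalFilename   = $info.OriginalFilename
        IdenticalToCmd     = $sameBytes
        VersionInfoSaysCmd = $cmdMetadata
        Suspicious         = ($sameBytes -or $cmdMetadata)
    }
}

$result = Test-UtilmanReplaced
$result | Format-List
if ($result.Suspicious) {
    Write-Warning "utilman.exe appears to be Command Prompt: $($result.Path)"
}
```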

Surprisingly, the same trick also works on a number of other Windows versions, including Windows 8’s predecessors, and it’s hard to find a reason why Microsoft has skipped patching it.

Paradoxically, a few days ago, Nick Psyhogeos, Microsoft vice president, said during a media briefing that Windows 8 is one of the most secure operating systems to date, so it’s harder than ever to break into it.

He admitted, however, that hackers are finding new ways to crack Windows and its software applications, but he emphasized that Windows 8 features improved security tools that should protect it against a new wave of attacks that usually target Microsoft’s operating systems.

We’ve contacted the company for an official statement on this and we will update this story as soon as we get an answer.
