Full Report
Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. [...]
Analysis Summary
# Vulnerability: Samsung Galaxy Connect Permission Corruption on Windows 11
## CVE Details
- **CVE ID**: N/A (Functional/Logic Error resulting in Access Control Failure)
- **CVSS Score**: N/A (Stability and Permission issue)
- **CWE**: CWE-284: Improper Access Control
## Affected Systems
- **Products**: Samsung Galaxy Book 4 and various Samsung desktop models.
- **Versions**: Windows 11, versions 24H2 and 25H2.
- **Configurations**: Systems with **Samsung Galaxy Connect** (formerly Samsung Continuity Service) installed.
## Vulnerability Description
A software bug in the Samsung Galaxy Connect application causes a critical corruption of NTFS file system permissions on the primary system drive (C:\). The application erroneously modifies ownership and Access Control Lists (ACLs) of the root directory. This results in the loss of standard Windows permissions, preventing the OS from verifying ownership by "TrustedInstaller." Consequently, users are blocked from accessing files, launching applications, elevating privileges (UAC), or performing administrative tasks.
## Exploitation
- **Status**: Not exploited (Functional bug/software conflict).
- **Complexity**: N/A.
- **Attack Vector**: Local (Issue is triggered by the installation/operation of the local Samsung application).
## Impact
- **Confidentiality**: Low (Primary issue is denial of access, though incorrect ACLs can theoretically expose system files).
- **Integrity**: High (System-level permissions are altered, preventing updates and log collection).
- **Availability**: High (Users are locked out of the C: drive and cannot launch most applications or administrative tools).
## Remediation
### Patches
- **Samsung Galaxy Connect Update**: Samsung has released a remediated version of the application. Affected users should ensure the app is updated via the Microsoft Store or Samsung update channels.
### Workarounds
Microsoft and Samsung have provided a detailed **29-step recovery procedure** to restore default permissions:
1. Uninstall "Samsung Galaxy Connect" or "Samsung Continuity Service."
2. Log in as an Administrator.
3. Manually adjust drive permissions to restore temporary access.
4. Execute a specific `.bat` (batch) repair file to reset permissions to Windows defaults (restoring ownership to **TrustedInstaller**).
## Detection
- **Indicators of Compromise**:
  - "Access Denied" errors when clicking on the C: drive in File Explorer.
  - Failure of apps to launch.
  - Errors when attempting to uninstall Windows updates or view system logs.
- **Detection Methods**: Inspect the owner of `C:\`. If the owner is not "TrustedInstaller" or permissions are missing standard inherited entries, the system is affected.
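
The owner and ACL check described under Detection Methods, as an added PowerShell example (not code from Microsoft's or Samsung's guidance). The function name `Test-SystemDriveAcl` and the set of principals treated as "standard" entries are assumptions of this example; the script only reads the security descriptor and changes nothing.

```powershell
# Added example: read-only check of the C:\ root owner and ACL (changes nothing).
# Well-known SID of NT SERVICE\TrustedInstaller (locale-independent).
$TrustedInstallerSid = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Assumption: principals treated here as the "standard" entries on a default C:\ root.
$ExpectedSids = [ordered]@{
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
}

function Test-SystemDriveAcl {   # hypothetical helper name
    param([string]$Path = "$env:SystemDrive\")

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $report = [ordered]@{
        Path = $Path; Readable = $true; OwnerSid = $null
        OwnerIsTrustedInstaller = $false; MissingAllowEntries = @(); Affected = $false
    }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Failing to read the security descriptor matches the "Access Denied" symptom.
        $report.Readable = $false
        $report.Affected = $true
        return [pscustomobject]$report
    }

    $report.OwnerSid = $acl.GetOwner($sidType).Value
    $report.OwnerIsTrustedInstaller = ($report.OwnerSid -eq $TrustedInstallerSid)

    # Collect SIDs that hold at least one Allow entry (explicit or inherited).
    $allowSids = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value })

    $report.MissingAllowEntries = @($ExpectedSids.Keys |
        Where-Object { $_ -notin $allowSids } |
        ForEach-Object { $ExpectedSids[$_] })

    $report.Affected = (-not $report.OwnerIsTrustedInstaller) -or
                       ($report.MissingAllowEntries.Count -gt 0)
    return [pscustomobject]$report
}

Test-SystemDriveAcl | Format-List
```

Comparing SIDs rather than account names keeps the check valid on non-English Windows installations, where the display names of these principals are localized.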
## References
- Microsoft Support Guidance: hxxps[://]support[.]microsoft[.]com/en-us/topic/recovery-steps-samsung-galaxy-connect-or-samsung-continuity-service-might-cause-loss-of-access-to-the-c-drive-48c242aa-242a-4ddd-a9ad-98ea25fc04c1
- BleepingComputer Report: hxxps[://]www[.]bleepingcomputer[.]com/news/microsoft/microsoft-shares-fix-for-windows-c-drive-access-issues-on-samsung-pcs/