A zero-day vulnerability affecting Windows 10, Windows 11, and Windows Server 2019 has been confirmed by Microsoft security experts.
CVE-2021-36934, also known as HiveNightmare or SeriousSAM, allows local privilege escalation by giving unprivileged users read access to the registry hive files, and with them the system's stored password hashes.
Despite the severity of the flaw, Microsoft has yet to issue a security patch. However, ahead of the next Patch Tuesday release, Microsoft has published a number of workarounds that Windows customers can apply.
After the PrintNightmare and Windows Hello flaws, this is the third Windows vulnerability found in less than a month.
The vulnerability grants limited users read access to system files, the registry, and the SAM database.
Jonas Lykkegaard was the first to identify the flaw, in a Windows 11 preview build. He subsequently discovered that the flaw also exists in earlier versions of Windows.
Because of this vulnerability, non-administrators in the BUILTIN\Users group can read Windows system files, including the Security Account Manager (SAM), SYSTEM, and SECURITY registry hive files.
Normally only administrators can read these files, which are located in the Windows system32\config directory. In addition, the files are locked while the system is running, which prevents direct access or modification.
If a Volume Shadow Copy of the system drive is available, attackers could perform a variety of actions, according to CERT. They could obtain the account password hashes and recover the original Windows installation password. They could also recover the DPAPI computer keys, which could be used to decrypt all of the computer's private keys. An attacker could also obtain the computer account's credentials and use them for silver ticket attacks.
The HiveNightmare vulnerability affects all supported versions of Windows 10 (1809, 1909, 2004, 20H2, and 21H1), Windows 11, and Windows Server 2019.
Windows users can determine whether they are vulnerable by running icacls %windir%\system32\config\sam at the command prompt. If the output contains the entry BUILTIN\Users:(I)(RX), the system is affected by the HiveNightmare Windows vulnerability.
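The icacls check above can be automated across all three hive files the article names. The following script is an added example, not code from the article or from Microsoft: it parses icacls output (a constructed sample is embedded, since the exact text from a real host varies) and flags any ACE that grants BUILTIN\Users a read-capable right, which is broader than the single (RX) entry quoted above because F, M and R rights also permit reading the file. On a Windows host it additionally runs icacls against the live SAM, SYSTEM and SECURITY files under %windir%\system32\config.

```python
import os
import re
import subprocess

# The three hive files under %windir%\system32\config that the article names.
HIVE_FILES = ("sam", "system", "security")
# One ACE as icacls prints it: "<principal>:(flag)(flag)...", e.g. "BUILTIN\Users:(I)(RX)"
ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<perms>(?:\([^)]*\))+)$")
# icacls simple rights that include reading the file's contents
READ_RIGHTS = {"F", "M", "RX", "R"}

def parse_icacls(output, path):
    """Map each principal in icacls output to its permission tokens."""
    # icacls prints the path before the first ACE and indents the rest,
    # so the queried path is stripped; blank and footer lines do not match.
    aces = {}
    for raw in output.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if m:
            perms = re.findall(r"\(([^)]*)\)", m.group("perms"))
            aces.setdefault(m.group("principal"), []).extend(perms)
    return aces

def users_can_read(output, path):
    """True when BUILTIN\\Users holds any right that allows reading the hive."""
    perms = {p.upper() for p in parse_icacls(output, path).get(r"BUILTIN\Users", [])}
    return bool(perms & READ_RIGHTS)

def check_live_hives():
    """On Windows, run icacls against each hive file and report which are exposed."""
    config_dir = os.path.join(os.environ.get("WINDIR", r"C:\Windows"), "system32", "config")
    results = {}
    for name in HIVE_FILES:
        path = os.path.join(config_dir, name)
        out = subprocess.run(["icacls", path], capture_output=True, text=True).stdout
        results[path] = users_can_read(out, path)
    return results

# Constructed sample shaped like icacls output (not captured from a real host).
SAMPLE_PATH = r"C:\Windows\system32\config\sam"
SAMPLE_VULNERABLE = f"""{SAMPLE_PATH} BUILTIN\\Administrators:(I)(F)
                               NT AUTHORITY\\SYSTEM:(I)(F)
                               BUILTIN\\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__" and os.name == "nt":
    print(check_live_hives())
```

A result of True for any hive means the workaround of restricting the ACL (and removing exposed shadow copies) still needs to be applied on that host.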