CVE-2021-36934 Windows Elevation of Privilege Vulnerability

Vulnerability also known as HiveNightmare and SeriouSAM.


Unprivileged users have access to SAM in


Users can extract the password hashes and user information of local users.


Remove access to all files in config for unprivileged users, using a cmd prompt in an admin context.

Press the Windows key and type cmd

Select "Run as administrator"

icacls c:\windows\system32\config\*.* /inheritance:e

Remove any existing volume shadow copies.

vssadmin delete shadows /for=c:

Confirm with “y”

Hint | After deleting the existing volume shadow copy you might want to create a new one with the current state of your system.


[1] Microsoft Security Response Center – CVE-2021-36934
