Vulnerability also known as HiveNightmare and SeriouSAM.
Unprivileged users have access to SAM in
Users can extract password hash and user information of local users.
Remove access to all files in config for unpriviledged users using a cmd in admin context.
Press Windows-Key and type cmd
Select runas Administrator
icacls c:\windows\system32\config\*.* /inheritance:e
Remove any existing volume shadow copies.
vssadmin delete shadows /for=c:
Confirm with “y”
Hint | After deleting the existing volume shadow copy you might want to create a new one with the current state of your system.