CVE-2021-36934 Windows Elevation of Privilege Vulnerability

Vulnerability also known as HiveNightmare and SeriouSAM.

Issue

Because of an overly permissive ACL on the hive file, unprivileged users have read access to the SAM registry hive at

c:\windows\system32\config\sam

From it, a user can extract the password hashes and account information of local users.

Workaround

Remove access to all files in the config directory for unprivileged users by running the following commands from an elevated command prompt (cmd in an admin context).

Press the Windows key and type cmd

Select Run as administrator

icacls c:\windows\system32\config\*.* /inheritance:e

Remove any existing volume shadow copies, since they still contain readable copies of the hive file.

vssadmin delete shadows /for=c:

Confirm with “y”

Hint: After deleting the existing volume shadow copies you might want to create a new one with the current state of your system.
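The following script is an added example, not part of the original post or of Microsoft's advisory. It checks whether BUILTIN\Users still holds read rights on the hive files and, with -Fix, runs the same icacls and vssadmin steps described above; it goes slightly beyond the text by also checking the SYSTEM and SECURITY hives in the same directory, which the icacls step covers. It assumes an elevated PowerShell session, and the function names are the author's own.

```powershell
# Added example (not from the original post). Detects the CVE-2021-36934
# condition (BUILTIN\Users can read the registry hive files) and, with -Fix,
# applies the workaround shown above. Run from an elevated PowerShell session.
param([switch]$Fix)

$ConfigDir = Join-Path $env:windir 'System32\config'
$Hives     = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object { Join-Path $ConfigDir $_ }

function Test-HiveAcl {
    # Reading the security descriptor needs only READ_CONTROL, so this works
    # even though the live hive files cannot be opened for data access.
    foreach ($hive in $Hives) {
        $acl   = Get-Acl -LiteralPath $hive
        $grant = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
        }
        [pscustomobject]@{ Hive = $hive; UsersRead = [bool]$grant }
    }
}

function Invoke-Workaround {
    # 1. Re-enable ACL inheritance on every file in config so the permissive
    #    explicit entries are replaced by the parent folder's ACL.
    icacls "$ConfigDir\*.*" /inheritance:e | Out-Null
    # 2. Existing shadow copies still hold readable copies of the hives;
    #    /quiet answers the "y" confirmation prompt shown above.
    vssadmin delete shadows "/for=$env:SystemDrive" /quiet | Out-Null
    # 3. Create a fresh restore point as the hint suggests (fails harmlessly
    #    if System Restore is disabled on this machine).
    try   { Checkpoint-Computer -Description 'After CVE-2021-36934 workaround' -ErrorAction Stop }
    catch { Write-Warning "Restore point not created: $($_.Exception.Message)" }
}

$before = Test-HiveAcl
$before | Format-Table -AutoSize
if ($Fix -and ($before | Where-Object UsersRead)) {
    Invoke-Workaround
    Write-Host 'After workaround:'
    Test-HiveAcl | Format-Table -AutoSize
}
```

Without -Fix the script only reports; a row with UsersRead set to True means that hive is still exposed and the workaround (or the vendor update) has not been applied.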

References

[1] Microsoft Security Response Center – CVE-2021-36934
