Windows 10, dangerous vulnerability allows anyone to control your PC


As reported by colleagues at BleepingComputer, a dangerous security flaw has been discovered in Windows 10 and Windows 11 that allows users with a local account to access sensitive information on all accounts, including those of administrators. This would also make it possible to change the passwords of administrator accounts and take full control of the PC.

The bug lies in the Microsoft security rules assigned to the Windows registry and the Security Account Manager. Both, for some reason, have lax restrictions that allow any local user to have full access to the files without administrator privileges. This is even more critical for the Security Account Manager, which contains data, including passwords, for all users on the PC. Giving local users access to this private information can allow a malicious user to log into one of the administrator accounts and gain full access to its resources.

Fortunately, the Windows registry files cannot be opened at will: they are always in use while Windows is running, so they cannot be read while the operating system holds them open. However, this restriction is easily bypassed through the Windows shadow volume, which acts as a backup of the Windows registry and SAM files.

Microsoft is aware of the situation and is tracking it as CVE-2021-36934. Apparently, until the bug is permanently fixed through an official patch, the workaround is to reduce the permissions on the files in %windir%\system32\config and delete any restore points or shadow volumes created before that change.
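To check whether the permissions described above are still in place across a fleet, the following added example (not from the original article or from Microsoft) parses the text output of `icacls` run against the files in %windir%\system32\config and reports files that a broad user group is allowed to read. It assumes English-locale group names; `parse_icacls`, `exposed_files` and the sample output are constructed for illustration.

```python
import re

# English-locale names of groups that contain every standard local user (assumption).
BROAD = {"builtin\\users", "everyone", "nt authority\\authenticated users"}
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA", "RD"}   # icacls rights that allow reading
NOT_RIGHTS = {"I", "OI", "CI", "IO", "NP", "DENY"}      # inheritance flags and deny marker

FIRST = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\\config\\[^\\\s]+)\s+(?P<ace>\S.*)$", re.I)
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]+\))+)$")

# Constructed sample: the first file is readable by BUILTIN\Users, the second is not.
SAMPLE = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)

C:\Windows\System32\config\SECURITY NT AUTHORITY\SYSTEM:(I)(F)
                                    BUILTIN\Administrators:(I)(F)

Successfully processed 2 files; Failed processing 0 files
"""

def parse_icacls(text):
    """Return {path: [(principal, is_deny, rights), ...]} from icacls output."""
    acls, current = {}, None
    for line in text.splitlines():
        first = FIRST.match(line)
        if first:                                   # "path principal:(..)" starts a file
            current = first.group("path")
            acls[current] = []
            ace_text = first.group("ace")
        elif current and line[:1].isspace():        # indented line: another ACE
            ace_text = line.strip()
        else:
            continue                                # blank line or status line
        ace = ACE.match(ace_text)
        if ace:
            tokens = {t.strip().upper()
                      for group in re.findall(r"\(([^)]+)\)", ace.group("groups"))
                      for t in group.split(",")}
            acls[current].append((ace.group("who"), "DENY" in tokens, tokens - NOT_RIGHTS))
    return acls

def exposed_files(text):
    """List (path, principal, rights) where a broad group is allowed to read the file."""
    return [(path, who, sorted(rights & READ_RIGHTS))
            for path, aces in parse_icacls(text).items()
            for who, deny, rights in aces
            if who.lower() in BROAD and not deny and rights & READ_RIGHTS]

if __name__ == "__main__":
    for path, who, rights in exposed_files(SAMPLE):
        print(f"EXPOSED {path}: {who} has {','.join(rights)}")
```

An empty result after the permissions have been tightened only covers the live files; shadow copies created earlier keep the old permissions, which is why the workaround also calls for deleting them.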


Microsoft just published a workaround for this important Windows 10 flaw


Microsoft has released a workaround for a privilege elevation flaw that affects all versions of Windows 10 and could give attackers the ability to access data and create new accounts on systems. 

Microsoft this week confirmed a serious elevation of privilege flaw, tagged as CVE-2021-36934, that could allow a local attacker to run their own code with system privileges. 

While the bug is important, the attacker must have already gained the ability to execute code on the target system in order to exploit the flaw, according to Microsoft. 


The bug affects the Security Accounts Manager (SAM) database in all versions of Windows 10 from version 1809. It may be more urgent to patch or mitigate because details of the flaw are publicly available. 

The SAM database is a sensitive component of Windows 10 since it is the location for storing user accounts, credentials and domain information. While credentials are hashed in SAM, the flaw gives attackers the opportunity to exfiltrate the hashed credentials and crack them offline.    

'An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,' Microsoft says in an advisory. 

'An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.'

Per The Record, the flaw was found by Jonas Lyk over the weekend. The issue is being referred to as SeriousSAM. Lyk discovered shadow copies of SAM were available for attackers to exploit while probing a preview of Windows 11, Microsoft's next version of Windows. 


Security firm Blumira explains why CVE-2021-36934 is a serious flaw.  

'The SYSTEM and SAM credential database files have been updated to include the Read ACL set for all Users for some versions of Windows,' the company notes in a blogpost. 

'This means that any authenticated user has the capability to extract these cached credentials on the host and use them for offline cracking, or pass-the-hash depending on the environment configuration.'

The US CERT coordination center notes several more ways the bug can impact affected Windows 10 machines. An attacker could:

  • Extract and leverage account password hashes.
  • Discover the original Windows installation password.
  • Obtain DPAPI computer keys, which can be used to decrypt all computer private keys.
  • Obtain a computer machine account, which can be used in a silver ticket attack.