
Bug in Windows 10 and Windows 11 Allows Gaining Administrator Rights

Exploiting the problem allows you to escalate privileges and gain access to sensitive files in the registry database.

Security researcher Jonas Lykkegaard reported a dangerous vulnerability (CVE-2021-36934) in Windows 10 and Windows 11. Exploitation of the problem, dubbed SeriousSAM and HiveNightmare, allows local users to elevate their privileges and access confidential registry database files.

The Windows Registry acts as a configuration repository for the Windows operating system and contains password hashes, user preferences, configuration settings for applications, system decryption keys, and more.

The database files associated with the Windows registry are stored in the C:\Windows\system32\config folder and are split into different files such as SYSTEM, SECURITY, SAM, DEFAULT, and SOFTWARE. Since these files contain confidential information about all user accounts on the device and security tokens used by Windows features, they are not allowed to be viewed by non-elevated users.

This is especially important for the Security Account Manager (SAM) file because it contains password hashes for all users on the system, which attackers can use to assume those users' identities.

The Windows 10 and Windows 11 registry files associated with SAM and all other registry databases are accessible to the low-privileged Users group on the device, Lykkegaard said. While testing Windows 11, the researcher found that although the OS restricts access to these files for low-privileged users, accessible copies of the files are stored in shadow copies. This issue appeared in Windows 10 code back in 2018, after the release of version 1809.

As temporary measures to prevent exploitation of the vulnerability, Microsoft experts recommend restricting access to the vulnerable folder and deleting shadow copies.
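One way to check a host for the two conditions those measures address, as an added example that is not from the original article or from Microsoft: it reports which hive files in the config folder grant read access to the Users group and lists existing shadow copies. The function name `Test-HiveExposure` is hypothetical, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: defensive audit for the two conditions described above.
# Run elevated; querying Win32_ShadowCopy requires administrator rights.
function Test-HiveExposure {   # hypothetical name, not a built-in cmdlet
    $configDir = Join-Path $env:windir 'System32\config'
    $hives     = 'SAM', 'SECURITY', 'SYSTEM', 'DEFAULT', 'SOFTWARE'
    $usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
    $readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    # 1. Hive files whose ACL grants BUILTIN\Users read access.
    #    SIDs are compared instead of names so localized systems work too.
    $weak = foreach ($name in $hives) {
        $path = Join-Path $configDir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $usersSid -and
                $rule.AccessControlType -eq 'Allow' -and
                (([int]$rule.FileSystemRights -band $readData) -ne 0)) {
                [pscustomobject]@{
                    Hive      = $name
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }

    # 2. Existing shadow copies, which may still contain copies of the hives.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
        Select-Object ID, VolumeName, InstallDate)

    [pscustomobject]@{
        WeakHiveAcls = @($weak)       # empty when access is already restricted
        ShadowCopies = $shadows       # review these even after the ACL is fixed
        WeakAclFound = (@($weak).Count -gt 0)
    }
}

$result = Test-HiveExposure
$result.WeakHiveAcls | Format-Table -AutoSize
$result.ShadowCopies | Format-Table -AutoSize
"Users group can read hive files: $($result.WeakAclFound)"
```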
