CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2021-36934 | Windows Elevation of Privilege Vulnerability | Windows 10 | High | 22-07-2021 |
Technical Information
Brief overview of the risk:
CVE-2021-36934, also called HiveNightmare or SeriousSam, is an Elevation of Privilege vulnerability in Windows 10 caused by overly permissive Access Control Lists (ACLs) on multiple system files. With this vulnerability, any non-administrative user can retrieve all registry hives, including sensitive ones such as the SAM, SECURITY and SYSTEM hives. SAM stores all of the system’s user credentials in the form of hashes, which are not supposed to be accessible to a non-administrative user of the system.
Technical Details:
Exploiting the vulnerability on Windows 10 requires System Protection or Shadow Volume to be enabled. By default on Windows 10, all users in the BUILTIN\Users group have read access to the sensitive registry hives. The BUILTIN\Users group consists of all the users that the OS creates during installation, including local accounts. This bug therefore allows non-administrative users to gain read access to these sensitive files. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges. The attacker must already be able to execute code on the victim system to exploit this vulnerability.
Because an exploit for this vulnerability is already publicly available, it is advised to follow the mitigation guidelines as mentioned here to stay safe.
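To check a host for the two conditions described under Technical Details (read access for BUILTIN\Users on the hive files, and existing shadow copies), the following script can be used. It is an added example, not part of the original advisory or vendor guidance; it assumes an elevated Windows PowerShell session, and the property names in the summary object are chosen for illustration.

```powershell
# Added example: reports whether this host meets both preconditions of CVE-2021-36934.
# Assumption: run from an elevated session (needed to read the ACLs on a fixed
# system and to query Win32_ShadowCopy).

$usersSid = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users, independent of OS language
$read     = [int][System.Security.AccessControl.FileSystemRights]::Read
$hives    = 'SAM', 'SECURITY', 'SYSTEM' |
            ForEach-Object { Join-Path $env:windir "System32\config\$_" }

# Condition 1: an Allow ACE (explicit or inherited) granting BUILTIN\Users read access.
$exposed = @(foreach ($hive in $hives) {
    $acl   = Get-Acl -LiteralPath $hive -ErrorAction Stop
    # Ask for SIDs instead of account names so the comparison is locale independent.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $grantsRead = ([int]$rule.FileSystemRights -band $read) -eq $read
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and $grantsRead) {
            [pscustomobject]@{
                Hive      = $hive
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
})

# Condition 2: at least one shadow copy exists (System Protection / Shadow Volume).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)

# Summary: the host is exposed only when both conditions hold.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    HivesReadableByUsers = $exposed.Count
    ReadableHives        = ($exposed.Hive -join ', ')
    ShadowCopies         = $shadows.Count
    OldestShadowCopy     = ($shadows | Sort-Object InstallDate |
                            Select-Object -First 1).InstallDate
    Exposed              = ($exposed.Count -gt 0) -and ($shadows.Count -gt 0)
}
```

A host that reports readable hives but no shadow copies is not currently exposed, but becomes so as soon as a restore point or shadow copy is created while the permissive ACL is still in place.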
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems