Technical Information

Brief overview of the risk:

Also called HiveNightmare or SeriousSam is an Elevation of Privilege vulnerability in Windows 10 due overly permissive Access Control Lists (ACLs) on multiple system files. With this vulnerability any non-administrative user can retrieve all registry hives. Some of these registry hives contain sensitive information such as SAM, SECURITY and SYSTEM registry hives. SAM stores all the system’s user credentials in the form of hashes which are not supposed to be accessed by a non-administrative user of the system.

Technical Details:

The vulnerability on Windows 10 requires System Protection or Shadow Volume to be enabled. By default on Windows 10 all users under BUILTIN\Users group have read access to the sensitive registry hives. BUILTIN\Users group consists of all the users that the OS creates during the OS installation including local accounts. Therefore this bug allows non-administrative users to gain read access to these sensitive files. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker must have the ability to execute code on a victim system to exploit this vulnerability.

As an exploit for this vulnerability is already available in public domain hence it is advised to follow the mitigation guidelines as mentioned here to stay safe.