Microsoft Windows 10 flaw has now been pointed out by Microsoft as the company released a workaround for a certain privilege elevation flaw.
The flaw reportedly affects all versions of the Windows 10, and could potentially give attackers the ability to be able to access data and even create new accounts on systems.
Windows 10 CVE-2021-36934
According to the story by ZDnet, Microsoft has just confirmed a serious elevation of privilege flaw, which is called CVE-2021-36934 that could allow attackers to run their code with certain system privileges.
The attackers must reportedly have gained the ability for them to be able to execute code on the particular target system for them to exploit the flaw, according to Microsoft.
The bug reportedly affects SAM, or the Security Accounts Manager, database in all different versions of Windows 10 all the way from the previous Windows 10 1809.
SAM Database Flaw
It might actually be more urgent to either patch or mitigate due to the details of the flaw, which are publicly available. The SAM database is reportedly a sensitive component of Windows 10 since it is the specific location for storing certain user accounts, domain information, and credentials.
While the credentials are hashed in SAM, the flaw would give attackers the opportunity to be able to exfiltrate the hashed credentials in order for them to crack offline.
Microsoft noted in an advisory that an elevation of privilege vulnerability now exists due to the overly permissive Access Control Lists or ACLs on a number of system files, which include the SAM database.
It was said that an attacker who is able to successfully exploit this particular vulnerability will be able to run arbitrary code along with SYSTEM privileges. An attacker could reportedly install programs like change, view, delete data, or even create new accounts along with the full user rights.
The particular issue is now being referred to as the SeriousSam. Lyk was able to discover shadow copies of SAM that were available for attackers to exploit while still probing a preview of the Windows 11, which is Microsoft's latest version of Windows.
Windows 11 has been played with by tech enthusiasts. Imagine a Raspberry Pi that is Windows 11 enabled.
SYSTEM and SAM Credential Database
Blumira, a certain security firm, explained that CVE-2021-36934 is quite a serious flaw.
The company noted in a blog post that the SYSTEM and SAM credential database files have reportedly been updated in order to include the Read ACL for all of the Users that run on some versions of Windows.
According to the post, this means that any given authenticated user has the power to extract the cached credentials on the host, and put them to use for offline cracking, or even pass-the-hash depending on the given environment configuration.
The official United States CERT coordination center said that there could be other ways the bug can impact the compromised Windows 10 computers. The new Windows 11 is on the horizon, but for those that are still more comfortable with Windows 10, here's how to at least turn the Start Menu back.
This article is owned by Tech Times
Written by Urian B.