We, here at Windows Report, always stress the importance of staying protected while connected to the internet, as cyber threats are growing and ever-present.
- A critical Windows vulnerability, discovered days ago, has users scrambling to enable extra security measures.
- It started when a researcher noticed what he believed was a coding regression in a beta version of the upcoming Windows 11.
- Apparently, the contents of the security account manager (SAM) could be read by users with limited system privileges.
- This vulnerability also impacts all Windows 10 versions released in the past 2.5 years, according to experts.
Failing to do so can result in leaks of confidential and valuable data that can have severe repercussions for individuals, as well as for enterprises.
Tuesday, everyone was shocked to learn about two new vulnerabilities, one in Windows and the other in Linux, that can allow hackers to bypass OS security restrictions and access sensitive resources.
New Windows 11 vulnerability could lead to serious breaches
This critical Windows vulnerability was discovered by accident a few days ago when a researcher noticed what he believed was a coding regression in a beta version of the upcoming Windows 11.
He also found that the contents of the security account manager (SAM), which is the database that stores user accounts and security descriptors for users on the local computer, could be read by users with limited system privileges.
To give you a better understanding, we all know that, as operating systems and applications become harder to break into, successful attacks require two or more vulnerabilities to be exploited.
yarh- for some reason on win11 the SAM file now is READ for users. So if you have shadowvolumes enabled you can read the sam file like this:
I don't know the full extent of the issue yet, but it's too many to not be a problem I think. pic.twitter.com/kl8gQ1FjFt
— Jonas L (@jonasLyk) July 19, 2021
To be a bit more precise, one of the vulnerabilities will allow malicious third parties to access low-privileged OS resources, where code can be executed or private data can be read.
The second vulnerability takes the process to a whole new level, granting access to system resources reserved for password storage or other sensitive operations.
How exactly does this issue allow attackers to infiltrate our systems?
The above-mentioned issue made it possible for third parties to extract cryptographically protected password data.
SeriousSAM vulnerability impacts all Windows 10 versions released in the past 2.5 years
- CVE-2021-36934 can be used to gain admin access for Windows 10 v1809 versions and later
- No patches available yet
- PoC and some logging tips available
https://t.co/x7rXAyByqy pic.twitter.com/EEtvRBLbU3
— Catalin Cimpanu (@campuscodi) July 21, 2021
Also, they could discover the password we used to install Windows and get their hands on the computer keys for the Windows data protection API, which can be used to decrypt private encryption keys.
Another action that cyber attackers could perform while exploiting this vulnerability is the creation of accounts on the targeted device.
As you can imagine, the result is that the local user can elevate privileges all the way to System, the highest level in Windows.
This is not a new vulnerability and was present even on Windows 10
Users who took notice of these posts and responded also pointed out that this behavior wasn’t a regression introduced in Windows 11, as initially thought.
Q: what can you do when you have #mimikatz🥝 & some Read access on Windows system files like SYSTEM, SAM and SECURITY?
A: Local Privilege Escalation 🥳
Thank you @jonasLyk for this Read access on default Windows😘 pic.twitter.com/6Y8kGmdCsp
— 🥝 Benjamin Delpy (@gentilkiwi) July 20, 2021
Allegedly, the same vulnerability that has Windows 11 users on the edge of their seats was present even in the latest version of Windows 10.
The US Computer Emergency Readiness Team stated that this issue manifests when the Volume Shadow Copy Service, the Windows feature that allows the OS or applications to take snapshots of an entire disk without locking the filesystem, is turned on.
What’s even worse is that there is currently no patch available, so there is no way of telling when this problem will actually be fixed.
Microsoft officials are investigating the vulnerability and will take action as needed. The vulnerability is being tracked as CVE-2021-36934, and Microsoft said that exploits in the wild are more likely.
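A defender-side check for the two conditions described above (a SAM hive readable by limited users, and Volume Shadow Copy snapshots present), as an added example that is not part of the original article. It parses text collected from `icacls` and `vssadmin list shadows`; the function names, the principal list and the sample outputs are assumptions constructed for illustration.

```python
import re

# Principals treated as low-privileged (assumption; names are localized on
# non-English Windows, so extend this set for your fleet).
LOW_PRIV = {"builtin\\users", "everyone", "nt authority\\authenticated users"}
# icacls permission tokens that include read access to file data.
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA"}
SAM = r"C:\Windows\System32\config\SAM"

def parse_icacls(output, path):
    """Return [(principal, [tokens])] parsed from `icacls <path>` output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # the first line carries the path
        principal, sep, rights = line.rpartition(":")
        if not sep or not rights.startswith("("):
            continue  # blank line or the trailing status line
        tokens = [t for group in re.findall(r"\(([^)]*)\)", rights)
                  for t in group.split(",")]
        aces.append((principal, tokens))
    return aces

def low_priv_readers(aces):
    """Low-privileged principals holding an allow ACE that grants read."""
    return sorted({p for p, toks in aces
                   if p.lower() in LOW_PRIV and "DENY" not in toks
                   and READ_RIGHTS & set(toks)})

def shadow_copy_count(vssadmin_output):
    """Count the snapshots listed by `vssadmin list shadows`."""
    return len(re.findall(r"^\s*Shadow Copy ID:", vssadmin_output, re.M))

def exposed(icacls_out, vss_out, path=SAM):
    """True only when both conditions hold: readable hive and a snapshot."""
    readers = low_priv_readers(parse_icacls(icacls_out, path))
    return bool(readers) and shadow_copy_count(vss_out) > 0

# Constructed sample outputs, not captured from a real host.
ICACLS_BAD = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files"""
ICACLS_OK = ICACLS_BAD.replace(r"BUILTIN\Users:(I)(RX)", "")
VSS = """Contents of shadow copy set ID: {constructed-set-id}
      Shadow Copy ID: {constructed-copy-id}"""

if __name__ == "__main__":
    print("exposed:", exposed(ICACLS_BAD, VSS))
```

The same parsing applies to the SYSTEM and SECURITY hives in the same directory by passing their paths and `icacls` output instead.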
Are you taking extra precautions in order to avoid becoming a victim of cyber-attacks? Share your thoughts with us in the comments section below.
I wrote about #HiveNightmare aka #SeriousSAM (blame @cyb3rops for that one), an unpatched Windows 10 vulnerability that allows any non-admin user to access the full system registry, including sensitive areas.
Terribly badly coded PoC included. https://t.co/PX1fOGpzbf
— Kevin Beaumont (@GossiTheDog) July 20, 2021