Windows 10 and the SeriousSAM flaw, solution pending a fix – GinjFo

by Kelvin
Windows 10 and the SeriousSAM flaw, solution pending a fix - GinjFo

Windows 10 is the victim of a major security breach. Unveiled by Microsoft, it allows elevation of privileges locally. At the moment no fix is ‚Äč‚Äčavailable but a workaround exists.

A security fault affects Windows 10. Microsoft has spoken out about a new zero-day vulnerability. It has been reported on Twitter by security researcher Jonas Lykkegaard. Exploited by a hacker, it allows elevation of privileges locally in order to access sensitive data.

This flaw is called SeriousSAM. It is listed by the software giant its name CVE-2021-36934. The problem affects “too lax access controls on several system files” including the database of the security account manager.

  

Its use gives access to certain sensitive files normally reserved for administrators. Better it becomes possible to execute an arbitrary code via elevated privileges. Under these conditions the situation can become dangerous since a malicious person can gain extensive access to the data of a computer. Clearly it can read, modify and delete data.

Satnam Narang, research engineer at Tenable explains

Windows 10 and 11 and the SeriousSAM flaw, solution

Note that a condition is necessary since the VSS must be available. VSS is the contraction of Volume Shadow Copy.

On this subject Satnam Narang adds

According to Microsoft, no known attack exploits this flaw. However, its exploitation is probable. The giant offers a workaround pending the publication of a fix. It goes through two stages.

The first is to strengthen the security around the data located at this address

Windows > system32> config

To do this you must run a command line either via the Command Prompt (to be executed in administrator mode)

icacls %windir%system32config*.* /inheritance:e

where the Windows PowerShell (run in administrator mode)

icacls $env:windirsystem32config*.* /inheritance:e

The second step is to delete all system restore points and shadow volumes and then create a new system restore point. We have no release schedule regarding the patch’s arrival.

Warning Microsoft explains

This failure affects

  • Windows Server 20H2 (Server Core installation), Server 2004 (Server Core installation), Server 2019 (Server Core installation) and Server 2019,
  • Windows 10 20H2, 20H1, 1909 and 1809 (ARM64, 32 and 64-bit).