Comment from Tenable on Zero-Day in Windows 10 — HiveNightmare aka SeriousSAM

Satnam Narang, Staff Research Engineer at Tenable


“The Windows Elevation of Privilege vulnerability (CVE-2021-36934), which is being called HiveNightmare or SeriousSAM by security researchers, is a zero-day that impacts certain versions of Windows 10. It allows non-administrative users to read sensitive files that are normally restricted to administrators.

“In order to exploit the flaw, the Volume Shadow Copy Service (VSS) must be available. Researchers have pointed out that if the size of the system drive is greater than 128 gigabytes, the VSS shadow copy will be created automatically when a Windows Update or MSI file has been installed. Users can verify whether or not the VSS shadow copies exist by running a specific command on their systems. Successful exploitation of this flaw would grant a local attacker the ability to elevate privileges, collect passwords and computer keys as well as gain access to a computer machine account in order to perform a silver ticket attack.

“Microsoft published an out-of-band informational advisory about the flaw, but they have not yet released any patches for this vulnerability.

“At this point, mitigation is limited to modifying access control lists to prevent users from reading specific files as well as removing VSS shadow copies from the system. These mitigations could impact certain functionality of the system.” — Satnam Narang, Staff Research Engineer, Tenable
