Easily exploitable, unpatched Windows privilege escalation flaw revealed (CVE-2021-36934)
"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists on multiple system files, including the Security Accounts Manager database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability," Microsoft confirmed.
The vulnerability stems from the fact that non-administrative users can read the vulnerable host's SAM, SYSTEM, and SECURITY Windows Registry hive files.
Q: what can you do when you have #mimikatz🥝 & some Read access on Windows system files like SYSTEM, SAM and SECURITY?
CVE-2021-36934 is exploitable only if a VSS shadow copy of the system drive is available.
As Dormann explained, while VSS shadow copies may not be available in some configurations, "Simply having a system drive that is larger than 128GB in size and then performing a Windows Update or installing an MSI will ensure that a VSS shadow copy will be automatically created."
Microsoft has updated the security advisory to note that the flaw affects various Windows 10 and Windows Server versions.
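The two conditions described above (hive files readable by non-administrative users, and a VSS shadow copy of the system drive) can be checked on a host with the script below. This is an added example, not code from the article or from Microsoft; it assumes an elevated PowerShell session, the default hive location under `%windir%\System32\config`, and the well-known SID `S-1-5-32-545` for `BUILTIN\Users`.

```powershell
# Added example: defensive exposure check for the two conditions in the article.
# Assumption: run from an elevated PowerShell session on the host being assessed.

$hiveNames = 'SAM', 'SYSTEM', 'SECURITY'
$usersSid  = 'S-1-5-32-545'   # BUILTIN\Users; a SID avoids localized group names
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData

# Condition 1: does the ACL on each hive file grant read access to BUILTIN\Users?
$results = foreach ($name in $hiveNames) {
    $path  = Join-Path $env:windir "System32\config\$name"
    $acl   = Get-Acl -LiteralPath $path
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $allow = $rules | Where-Object {
        $_.IdentityReference.Value -eq $usersSid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $readData)
    }
    [pscustomobject]@{
        Hive         = $name
        Path         = $path
        UsersCanRead = [bool]$allow
    }
}

# Condition 2: is there at least one VSS shadow copy of the system drive?
$sysVolume = Get-CimInstance -ClassName Win32_Volume `
                 -Filter "DriveLetter='$env:SystemDrive'"
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
                 Where-Object { $_.VolumeName -eq $sysVolume.DeviceID })

# The article states the flaw is exploitable only when both conditions hold.
$aclExposed = $results.UsersCanRead -contains $true
$exposed    = $aclExposed -and ($shadows.Count -gt 0)

$results | Format-Table -AutoSize
"Shadow copies of ${env:SystemDrive}: $($shadows.Count)"
"Permissive hive ACL present:  $aclExposed"
"Both conditions met on host:  $exposed"
```

A host that reports a permissive ACL but no shadow copies still needs attention, since the article notes that a Windows Update or MSI install can create a shadow copy automatically.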
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/AAn0IaF0XJQ/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-22 | CVE-2021-36934 | Unspecified vulnerability in Microsoft products. An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. | 0.0 |