Security News > 2021 > July > Microsoft has a workaround for 'HiveNightmare' flaw: Nuke your shadow copies from orbit

After setting the "Days since a security cock-up" counter back to zero, Microsoft has published an official workaround for its Access Control Lists vulnerability.

The solution? Use the icacls command to deal with the permissions set for the contents of system32config, which are at the root of the problem, and then wipe any Volume Shadow Copy Service shadow copies that were taken prior to the icacls fix.

It's hardly an ideal solution, since those shadow copies could have been taken for a good reason.

As the CVE update notes: "Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications."

The issue is that those shadow copies could contain files to which miscreants might gain access, including private data such as credentials.

The access was gained by peering into the VSS shadow copies of the files, which had misconfigured ACLs.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/22/microsoft_hivenightmare/