Security News > 2021 > July > Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege escalation bug, affecting versions of Windows 10, received a workaround fix by Microsoft Wednesday to prevent attackers from accessing data and creating new accounts on compromised systems.
The bug, dubbed SeriousSAM, affects the Security Accounts Manager database in all versions of Windows 10.
A prerequisite for abuse of the bug is an adversary needs either remote or local access to the vulnerable Windows 10 system.
Simply stated, an attacker could leverage the bug to gain access to the SAM database of hashed credentials, which then could be decrypted offline and used to bypass Windows 10 user access controls.
In a Tweet by Lyk, the researcher said the bug also impacts pre-production versions of Windows 11.
The researcher said the bug was discovered while tinkering with Windows 11.
News URL
https://threatpost.com/win-10-serioussam/168034/
Related news
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Windows 10 KB5049981 update released with new BYOVD blocklist (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)