Security News > 2021 > July > Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege escalation bug, affecting versions of Windows 10, received a workaround fix by Microsoft Wednesday to prevent attackers from accessing data and creating new accounts on compromised systems.
The bug, dubbed SeriousSAM, affects the Security Accounts Manager database in all versions of Windows 10.
A prerequisite for abuse of the bug is an adversary needs either remote or local access to the vulnerable Windows 10 system.
Simply stated, an attacker could leverage the bug to gain access to the SAM database of hashed credentials, which then could be decrypted offline and used to bypass Windows 10 user access controls.
In a Tweet by Lyk, the researcher said the bug also impacts pre-production versions of Windows 11.
The researcher said the bug was discovered while tinkering with Windows 11.
News URL
https://threatpost.com/win-10-serioussam/168034/
Related news
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows 10 KB5041580 update released with 14 fixes, security updates (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)