Security News > 2021 > July > Windows "HiveNightmare" bug could expose system files to non-admin users
An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.
Following a string of recent flaws discovered in Windows, the latest vulnerability dubbed "HiveNightmare" could allow someone to compromise your system by exploiting a security weakness that affects the Registry.
Specifically, HiveNightmare lets non-admin users access the contents of different Windows system files, including the Security Account Manager, SYSTEM, and SECURITY Registry hive files.
In its description of the bug, Microsoft said that attackers who exploit the flaw could acquire system privileges to install programs, view or delete data, and create accounts with full user rights.
The vulnerability affects all versions of Windows 10, including 1809, 1909, 2004, 20H2 and 21H1, as well as Windows Server 2019.
Microsoft blamed this weakness on overly permissive Access Control Lists for multiple system files.