Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

HiveNightmare privilege escalation flaw hits Windows 10 & 11

4 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

We, here at Windows Report, always stress the importance of staying protected while being connected to the internet, as cyber threats are growing and everpresent, nowadays.

Failing to do so can result in leaks of confidential and valuable data that can have severe repercussions for individuals, as well as for enterprises.

Tuesday, everyone was shocked to learn about two new vulnerabilities, one in Windows and the other in Linux, that can allow hackers to bypass OS security restrictions and access sensitive resources.

New Windows 11 vulnerability could lead to serious breaches

New Windows 11 vulnerability could lead to serious breaches

This critical Windows vulnerability was discovered by accident a few days ago when a researcher noticed what he believed was a coding regression in a beta version of the upcomingWindows 11.

He also found that the contents of thesecurity account manager (SAM), which is the database that stores user accounts and security descriptors for users on the local computer, could be read by users with limited system privileges.

yarh- for some reason on win11 the SAM file now is READ for users.So if you have shadowvolumes enabled you can read the sam file like this:I dont know the full extent of the issue yet, but its too many to not be a problem I think.pic.twitter.com/kl8gQ1FjFt

To give you a better understanding, we all know that, as operating systems and applications become harder to break into, successful attacks require two or more vulnerabilities to be exploited.

To be a bit more precise, one of the vulnerabilities will allow malicious third parties to access low-privileged OS resources, where code can be executed or private data can be read.

The second vulnerability takes the process to a whole new level, granting access to system resources reserved for password storage or other sensitive operations.

How exactly does this issue allow attackers to infiltrate our systems?

The above-mentioned issue made it possible for third parties to extract cryptographically protected password data.

Also, they could discover the password we used to install Windows, get their hands on the computer keys for the Windows data protection API, which can be used to decrypt private encryption keys.

Another action that cyber attackers could perform while exploring this vulnerability is the creation of accounts on the targeted device.

As you can imagine, the result is that the local user can elevate privileges all the way to System, the highest level in Windows.

Q: what can you do when you have#mimikatz? & some Read access on Windows system files like SYSTEM, SAM and SECURITY?A: Local Privilege Escalation ?Thank you@jonasLykfor this Read access on default Windows?pic.twitter.com/6Y8kGmdCsp

This is now a new vulnerability and was present even on Windows 10

Users that took notice of these posts and responded, also pointed out that this behavior wasn’t a regression introduced in Windows 11, as initially thought.

Allegedly, the same vulnerability that has Windows 11 users on the edge of their seats was present even in the latest version of Windows 10.

Thus, the US Computer Emergency Readiness Teamstatedthat this issue is manifesting when the Volume Shadow Copy Service, the Windows feature that allows the OS or applications to take snapshots of an entire disk without locking the filesystem, is turned on.

What’s even worse, is that currently, there is no patch available, so there is no way of telling when this problem will actually be fixed.

Microsoft company officials are investigating the vulnerability and will take action as needed. The vulnerability is being tracked as CVE-2021-36934, asMicrosoft said that exploits in the wild are more likely.

Are you taking extra precautions in order to avoid becoming a victim of cyber-attacks? Share your thoughts with us in the comments section below.

More about the topics:Windows 11

Vlad Turiceanu

Windows Editor

Passionate about technology,Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.

Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Vlad Turiceanu

Windows Editor

Coming from a solid background in PC building and software development, he’s a Windows 11 Privacy & Security expert.