Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Microsoft Windows Elevation of Privilege Vulnerability (HiveNightmare, SeriousSAM)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Microsoft Windows is prone to an elevation of privilege vulnerability.
Insight
Insight
The flaw exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. The flaw is dubbed 'HiveNightmare' or 'SeriousSAM'.
Affected Software
Affected Software
- Microsoft Windows 10 Version 1909 for 32-bit Systems - Microsoft Windows 10 Version 1909 for x64-based Systems - Microsoft Windows 10 Version 1809 for 32-bit Systems - Microsoft Windows 10 Version 1809 for x64-based Systems
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
The vendor has released updates. Please see the references for more information. After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerability. Simply installing this security update will not fully mitigate this vulnerability.
Common Vulnerabilities and Exposures (CVE)
References
- https://support.microsoft.com/en-us/topic/august-10-2021-kb5005030-os-
- https://support.microsoft.com/en-us/topic/august-10-2021-kb5005031-os-
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
- https://kb.cert.org/vuls/id/506989
- https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9