itman 1,749 Posted July 20, 2021 Share Posted July 20, 2021 Quote Vulnerability Note VU#506989 Original Release Date: 2021-07-20 | Last Revised: 2021-07-20 Overview Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files. This can allow for local privilege escalation (LPE). Description Starting with Windows 10 build 1809, the BUILTIN\Users group is given RX permissions to the following files: c:\Windows\System32\config\sam c:\Windows\System32\config\system c:\Windows\System32\config\security If a VSS shadow copy of the system drive is available, a non-privileged user may leverage access to these files to achieve a number of impacts, including but not limited to: Extract and leverage account password hashes. Discover the original Windows installation password. Obtain DPAPI computer keys, which can be used to decrypt all computer private keys. Obtain a computer machine account, which can be used in a silver ticket attack. https://kb.cert.org/vuls/id/506989 Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 74 Posted July 21, 2021 ESET Insiders Share Posted July 21, 2021 Microsoft shares workarounds for new Windows 10 zero-day bug (bleepingcomputer.com) Link to comment Share on other sites More sharing options...
Recommended Posts