HiveNightMare CVE-2021-36934 | Windows Elevation of Privilege Vulnerability
1 min read
CVE-2021-36934 | Windows Elevation of Privilege Vulnerability
Released: Jul 20, 2021 Last updated: Aug 10, 2021
Aug 10, 2021: Microsoft is releasing an update for all affected versions of Windows to address this vulnerability.
The Microsoft security update does not fully resolve this vulnerability. To fully fix this vulnerability you need to apply the patch and delete the shadow copies of user data.
How to delete the Shadow Copy can be found in KB5005357
The Microsoft security update corrects the ACLs on specific system files, including the SAM database. To avoid unexpected behavior, this security update does not correct the ACLs on every file in %windir%\system32\config.
Base Score 7.8 (High)
Impact Score 5.9
Exploitability Score: 1.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Impact on Confidentiality: High
Integrity: High
Availability: High
Exploit Code Maturity: Functional
CWE-269 http://cwe.mitre.org/data/definitions/269.html
CWE Name: Improper Privilege Management