HiveNightMare CVE-2021-36934 | Windows Elevation of Privilege Vulnerability

CVE-2021-36934 | Windows Elevation of Privilege Vulnerability

Released: Jul 20, 2021 Last updated: Aug 10, 2021

Aug 10, 2021: Microsoft is releasing an update for all affected versions of Windows to address this vulnerability.
The Microsoft security update does not fully resolve this vulnerability. To fully fix this vulnerability you need to apply the patch and delete the shadow copies of user data.

How to delete the Shadow Copy can be found in KB5005357

The Microsoft security update corrects the ACLs on specific system files, including the SAM database. To avoid unexpected behavior, this security update does not correct the ACLs on every file in %windir%\system32\config.

Base Score 7.8 (High)
Impact Score 5.9
Exploitability Score: 1.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None

Impact on Confidentiality: High
Integrity: High
Availability: High

Exploit Code Maturity: Functional

CWE-269 http://cwe.mitre.org/data/definitions/269.html
CWE Name: Improper Privilege Management

HiveNightMare CVE-2021-36934 | Windows Elevation of Privilege Vulnerability

Leave a Reply Cancel reply

Hot to user Nmap to scan Microsoft Exchange servers for “ProxyNoShell”, 2022-40140 & CVE-2022-41082

CVE-2022-36934 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

SQL Injection vulnerability in Advantech iView CVE-2022-3323

Critical Microsoft Exchange ZeroDay – CVE-2022-41082 Server-Side Request Forgery (SSRF)