HiveNightmare privilege escalation flaw hits Windows 10 & 11

Reading time icon 4 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • A critical Windows vulnerability, discovered days ago, has users scrambling to enable extra security measures.
  • It started when a researcher noticed what he believed was a coding regression in a beta version of the upcoming Windows 11.
  • Apparently, the contents of the security account manager (SAM), could be read by users with limited system privileges.
  • This vulnerability also impacts all Windows 10 versions released in the past 2.5 years, according to experts.
Windows 11 cyberattack
XINSTALL BY CLICKING THE DOWNLOAD FILE
A message from our partner

To fix Windows PC system issues, you will need a dedicated tool

  • Download Fortect and install it on your PC
  • Start the tool's scanning process to look for corrupt files that are the source of your problem
  • Right-click on Start Repair so the tool could start the fixing algorythm
Download from Fortect.com Fortect has been downloaded by 0 readers this month, rated 4.4 on TrustPilot

We, here at Windows Report, always stress the importance of staying protected while being connected to the internet, as cyber threats are growing and everpresent, nowadays.

Failing to do so can result in leaks of confidential and valuable data that can have severe repercussions for individuals, as well as for enterprises.

Tuesday, everyone was shocked to learn about two new vulnerabilities, one in Windows and the other in Linux, that can allow hackers to bypass OS security restrictions and access sensitive resources.

New Windows 11 vulnerability could lead to serious breaches

This critical Windows vulnerability was discovered by accident a few days ago when a researcher noticed what he believed was a coding regression in a beta version of the upcoming Windows 11.

He also found that the contents of the security account manager (SAM), which is the database that stores user accounts and security descriptors for users on the local computer, could be read by users with limited system privileges.

To give you a better understanding, we all know that, as operating systems and applications become harder to break into, successful attacks require two or more vulnerabilities to be exploited.

To be a bit more precise, one of the vulnerabilities will allow malicious third parties to access low-privileged OS resources, where code can be executed or private data can be read.

The second vulnerability takes the process to a whole new level, granting access to system resources reserved for password storage or other sensitive operations.

https://twitter.com/campuscodi/status/1417716781108678659

How exactly does this issue allow attackers to infiltrate our systems?

The above-mentioned issue made it possible for third parties to extract cryptographically protected password data.

Also, they could discover the password we used to install Windows, get their hands on the computer keys for the Windows data protection API, which can be used to decrypt private encryption keys.

Another action that cyber attackers could perform while exploring this vulnerability is the creation of accounts on the targeted device.

As you can imagine, the result is that the local user can elevate privileges all the way to System, the highest level in Windows.

This is now a new vulnerability and was present even on Windows 10

Users that took notice of these posts and responded, also pointed out that this behavior wasn’t a regression introduced in Windows 11, as initially thought.

Allegedly, the same vulnerability that has Windows 11 users on the edge of their seats was present even in the latest version of Windows 10.

Thus, the US Computer Emergency Readiness Team stated that this issue is manifesting when the Volume Shadow Copy Service, the Windows feature that allows the OS or applications to take snapshots of an entire disk without locking the filesystem, is turned on.

What’s even worse, is that currently, there is no patch available, so there is no way of telling when this problem will actually be fixed.

Microsoft company officials are investigating the vulnerability and will take action as needed. The vulnerability is being tracked as CVE-2021-36934, as Microsoft said that exploits in the wild are more likely. 

https://twitter.com/GossiTheDog/status/1417503290674368513

Are you taking extra precautions in order to avoid becoming a victim of cyber-attacks? Share your thoughts with us in the comments section below.

More about the topics: Windows 11