← Voltar para CVEs

CVE-2021-36934

HIGHCISA KEV

7.8

Descricao

<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>

Detalhes CVE

Pontuacao CVSS v3.17.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado7/22/2021

Ultima modificacao2/25/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft

ProdutoWindows

Nome da vulnerabilidadeMicrosoft Windows SAM Local Privilege Escalation Vulnerability

Data inclusao KEV2022-02-10

Prazo de remediacao2022-02-24

Uso em ransomwareUnknown

Produtos afetados

microsoft:windows_10_1809microsoft:windows_10_1909microsoft:windows_10_2004microsoft:windows_10_20h2microsoft:windows_10_21h1

Referencias

http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html(secure@microsoft.com)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934(secure@microsoft.com)

http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html(af854a3a-2127-422b-91ae-364da2661108)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934(af854a3a-2127-422b-91ae-364da2661108)

https://www.kb.cert.org/vuls/id/506989(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36934(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.