New Windows and Linux Flaws Give Attackers Highest System Privileges

[chain]

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.

The vulnerability has been nicknamed "SeriousSAM."

"Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files," CERT Coordination Center (CERT/CC) said in a vulnerability note published Monday. "This can allow for local privilege escalation (LPE)."

The operating system configuration files in question are as follows -

• c:\Windows\System32\config\sam
• c:\Windows\System32\config\system
• c:\Windows\System32\config\security

Microsoft, which is tracking the vulnerability under the identifier CVE-2021-36934, acknowledged the issue, but has yet to roll out a patch, or provide a timeline for when the fix will be made available.

"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database," the Windows makers noted. "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Read more here