New Windows and Linux Flaws: Provide Attackers Highest System Privileges

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Two new vulnerabilities, one in Windows and the other in Linux, were discovered on Tuesday, allowing hackers with a presence in a vulnerable machine to circumvent OS security limits and access critical resources. 
Microsoft’s Windows 10 and upcoming Windows 11 versions have been discovered to be vulnerable to a new local privilege escalation vulnerability that allows users with low-level permissions to access Windows system files, permitting them to decrypt private keys and uncover the operating system installation password. The vulnerability has been named “SeriousSAM”.
The CERT Coordination Center (CERT/CC) stated in a published vulnerability note, “Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files. This can allow for local privilege escalation (LPE).”
The operating system configuration files in question are as follows – 
c:\Windows\System32\config\sam 
c:\Windows\System32\config\system 
c:\Windows\System32\config\security 
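
A defender can check a host for the condition CERT/CC describes by reading the ACLs on these three files. The PowerShell below is an added example, not code from the article, Microsoft or CERT/CC; the function name Test-HiveFileAcl is hypothetical, and the set of well-known SIDs treated as "non-administrative users" is an assumption of the example.

```powershell
# Added example: report whether non-administrative principals hold a read
# ACE on the hive files named in the article. Run from an elevated prompt so
# the ACLs can always be read.

# Well-known SIDs treated here as "non-administrative users" (an assumption
# of this example; SIDs are used so the check also works on localized systems).
$NonAdminSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$HiveFiles = 'sam', 'system', 'security' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\config\$_" }

function Test-HiveFileAcl {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Typically access denied when run unelevated on a host that is not exposed.
        return [pscustomobject]@{ Path = $Path; Status = 'Unknown'; Detail = $_.Exception.Message }
    }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $hits = foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $NonAdminSids.ContainsKey($sid) -and
            ($rule.FileSystemRights -band $readData) -eq $readData) {
            '{0} ({1})' -f $NonAdminSids[$sid], $rule.FileSystemRights
        }
    }

    if ($hits) {
        [pscustomobject]@{ Path = $Path; Status = 'Exposed'; Detail = ($hits -join '; ') }
    } else {
        [pscustomobject]@{ Path = $Path; Status = 'OK'; Detail = 'No read ACE for non-admin SIDs' }
    }
}

$HiveFiles | ForEach-Object { Test-HiveFileAcl -Path $_ } | Format-Table -AutoSize -Wrap
```
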
Microsoft acknowledged the vulnerability, which has been assigned CVE-2021-36934, but has yet to offer a patch or provide a timeframe for when a fix will be released.
The Windows makers explained, “An elevation of privilege vulnerability exists because of overly permissive Acce

[…]