“Summer of SAM”: Microsoft Releases Guidance for CVE-2021-36934, (Wed, Jul 21st)

This article has been indexed from SANS Internet Storm Center, InfoCON: green

Microsoft released a knowledge base article regarding CVE-2021-36934 [1]. Bojan explained the vulnerability in more detail yesterday. Recent versions of Microsoft Windows expose several system files because of overly permissive access control lists. Of main interest is the Security Accounts Manager (SAM), which exposes password hashes. It has been demonstrated that this can easily be exploited by retrieving these files from shadow volumes.
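To check hosts for the overly permissive ACL described above, the following added example (not part of the original article) parses `icacls` output for the SAM file and reports low-privileged principals that hold read access. The function name, the list of low-privileged groups and the sample outputs are assumptions constructed for illustration.

```python
import re

# Principals that cover ordinary, non-administrative local users (assumed list).
LOW_PRIV = {r"builtin\users", "everyone",
            r"nt authority\authenticated users", r"nt authority\interactive"}
# icacls right codes that permit reading file contents.
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA", "RD"}
# Inheritance markers icacls prints in the same parenthesised form.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def low_priv_readers(icacls_output, path):
    """Return low-privileged principals whose allow ACE on `path` grants read."""
    readers = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # first line is "<path> <ACE>"
        m = ACE_RE.match(line)
        if not m:
            continue                          # blank line or summary line
        tokens = {t.strip().upper()
                  for grp in re.findall(r"\(([^)]*)\)", m.group("flags"))
                  for t in grp.split(",")}
        if "DENY" in tokens or "IO" in tokens:
            continue                          # deny ACE, or inherit-only ACE
        who = m.group("who").strip()
        if who.lower() in LOW_PRIV and (tokens - INHERIT_FLAGS) & READ_RIGHTS:
            readers.append(who)
    return readers

# Constructed sample output (not captured from a real host).
SAM = r"C:\Windows\System32\config\SAM"
EXPOSED = r"""
C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""
RESTRICTED = r"""
C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for name, out in (("exposed", EXPOSED), ("restricted", RESTRICTED)):
        print(name, low_priv_readers(out, SAM))
```

A clean result on the live file says nothing about shadow copies taken earlier, which keep the ACLs they were created with.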
