
Test ID: 1.3.6.1.4.1.25623.1.0.818842
Category: Windows : Microsoft Bulletins
Title: Microsoft Windows Elevation of Privilege Vulnerability (HiveNightmare, SeriousSAM)
Summary: Microsoft Windows is prone to an elevation of privilege vulnerability.
Description:

Vulnerability Insight:
The flaw exists because of overly permissive Access Control
Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.

The flaw is dubbed 'HiveNightmare' or 'SeriousSAM'.

Vulnerability Impact:
Successful exploitation allows an attacker to run arbitrary code
with SYSTEM privileges. An attacker could then install programs, view, change, or delete data,
or create new accounts with full user rights.

Affected Software/OS:
- Microsoft Windows 10 Version 1909 for 32-bit Systems

- Microsoft Windows 10 Version 1909 for x64-based Systems

- Microsoft Windows 10 Version 1809 for 32-bit Systems

- Microsoft Windows 10 Version 1809 for x64-based Systems

Solution:
The vendor has released updates. Please see the references for
more information.

After installing this security update, you must manually delete all shadow copies of system files,
including the SAM database, to fully mitigate this vulnerability. Simply installing this security
update will not fully mitigate this vulnerability.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2021-36934
http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934

Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.