"HiveNightmare: Windows 10 and Windows 11 Have a Security Vulnerability"
Both Windows 10 and Windows 11 have been discovered to be impacted by a local privilege escalation vulnerability that can allow attackers to gain access to otherwise inaccessible areas of the registry. The exploitation of this vulnerability could lead to the discovery of passwords, DPAPI decryption keys, and more. The zero-day vulnerability called HiveNightmare allows unauthorized access to the Security Account Manager (SAM), SYSTEM, and SECURITY hive files. A US-CERT advisory warns that the security flaw could enable attackers to extract account password hashes, discover the original Windows installation password, recover DPAPI computer keys, and obtain a computer machine account. Microsoft describes the flaw as an elevation of privilege vulnerability that stems from overly permissive Access Control Lists (ACLs) on multiple system files, including the SAM database. An attacker could run arbitrary code with SYSTEM privileges through the successful exploitation of this vulnerability. They could then perform malicious activities such as viewing, changing, or deleting data, and creating new accounts with full user rights. However, an attacker must know how to execute code on a victim's machine to exploit the vulnerability. Microsoft has provided information about a workaround to help mitigate the vulnerability until a patch is made available. This article continues to discuss the HiveNightmare registry vulnerability that affects Windows 10 and 11, and details about a workaround to help mitigate it.
BetaNews reports "HiveNightmare: Windows 10 and Windows 11 Have a Security Vulnerability"