Microsoft warning of SeriousSam severity
Posted by: GuidePoint Security
Published: July 28, 2021, 9:00am
A Windows 10 bug that could enable privilege escalation is causing concern.
Dubbed SeriousSam (tracked as CVE-2021-36934; also called HiveNightmare), the bug could allow an attacker to gain access to the Security Accounts Manager (SAM) database of hashed credentials. Once an attacker has a copy, the database could be decrypted offline and used to bypass user access controls.
The bug also appears to affect the pre-production version of Windows 11 (expected to be released in October 2021).
Microsoft gives this bug a base score of 8, which corresponds to a severity rating of 'high.'
Microsoft is investigating this vulnerability and working on a patch that security professionals expect to be released in the coming days or weeks. In the meantime, it has issued a temporary fix for the problem.
Next Steps
Microsoft issued a workaround for the bug last week, which involves restricting access to the contents of %windir%\system32\config, and then deleting the Volume Shadow Copy Service (VSS) shadow copies.
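The following PowerShell script is an added example, not part of the original post or Microsoft's text. It audits a host for the condition the workaround addresses and, with -Remediate, applies the two steps in the order given above. The icacls and vssadmin invocations are not given on this page and are assumed here as the way to apply those steps; the script and function names are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Audits by default; pass -Remediate to apply the two workaround steps.
param([switch]$Remediate)

$configDir = Join-Path $env:windir 'System32\config'
$usersSid  = 'S-1-5-32-545'   # well-known SID for BUILTIN\Users (locale-independent)
$readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# True if any Allow ACE (explicit or inherited) grants BUILTIN\Users read access.
function Test-UsersCanRead {
    param([string]$Path)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.FileSystemRights -band $readData) -ne 0)) { return $true }
    }
    return $false
}

# Registry hive files checked here; the list is an assumption of this example.
$exposed = @('SAM', 'SYSTEM', 'SECURITY' |
    ForEach-Object { Join-Path $configDir $_ } |
    Where-Object { Test-UsersCanRead -Path $_ })
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

if ($exposed) {
    Write-Warning "BUILTIN\Users can read: $($exposed -join ', ')"
} else {
    Write-Output 'Hive ACLs do not grant BUILTIN\Users read access.'
}
Write-Output "Shadow copies present: $($shadows.Count)"
$shadows | Select-Object ID, VolumeName, InstallDate

if ($Remediate) {
    # Step 1: restrict access by re-enabling inherited ACLs on the config files.
    icacls "$configDir\*.*" /inheritance:e
    # Step 2: delete shadow copies taken before the ACL change; they keep the
    # old permissions. This also removes existing restore points on the drive.
    vssadmin delete shadows "/for=$env:SystemDrive" /quiet
}
```

Re-run the script without -Remediate afterwards to confirm that no hive is reported as readable and that the shadow copy count is zero before creating a new restore point.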
Security professionals are also advising that there are added complexities associated with the SeriousSam bug that may require additional resources and expertise. Businesses may want to consider automation platforms to assist.