Jonas Lyk, a cybersecurity specialist, reported the discovery of a critical vulnerability in Windows 10 systems whose exploitation would allow threat actors to gain high privileges and even steal user passwords. According to the expert, the vulnerability lies in the way the operating system grants access to its configuration files.

The flaw was dubbed “SeriousSAM”, in reference to the way Windows 10 controls access to configuration files such as SAM, SECURITY, and SYSTEM. These are important files on the system, as they contain hashed passwords for all user accounts on the system, as well as security settings, encryption keys, and other sensitive details.

Malicious hackers with access to these files could extract passwords and other sensitive details for malicious purposes. Given the information they store, only a Windows administrator account should be able to interact with these files.

The researcher found the vulnerability while analyzing a trial version of Windows 11. In his report, Lyk mentions that while Windows restricts access to sensitive configuration files to users with high privileges, copies of these files are also saved in backups created by Shadow Volume Copy, a system feature that creates logs of the files.

Threat actors present on affected systems could abuse this flaw to gain full control over the latest versions of Windows, released over the past three years. The main risk is access to the Security Account Manager (SAM) configuration file, which would allow hackers to steal hashed passwords and hijack vulnerable accounts.

Other configuration files stored in the vulnerable folders could also expose information of use in attacks, including DPAPI encryption keys and administrator account details.

In its security alert, Microsoft acknowledges the vulnerability, which is tracked as CVE-2021-36934. The company also recommends removing all backups created by Shadow Volume from the operating system to mitigate the risk of exploitation.
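
A read-only audit for the two conditions described above (who can read the protected files, and whether backups of them exist), as an added example that is not taken from the article or from Microsoft's alert. It assumes the SAM, SECURITY and SYSTEM files sit in `%windir%\System32\config` and treats the well-known Users, Authenticated Users and Everyone groups as low-privilege; neither detail is given on the page.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
# Assumption (not from the article): the SAM, SECURITY and SYSTEM files are
# in %windir%\System32\config.
$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SECURITY', 'SYSTEM'

# Well-known SIDs of groups that include non-administrator users.
$lowPrivSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# 1. Which of the files grant read access to a low-privilege group?
$aclFindings = foreach ($name in $hives) {
    $path  = Join-Path $configDir $name
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $lowPrivSids.ContainsKey($sid) -and
            ([int]$rule.FileSystemRights -band $readData)) {
            [pscustomobject]@{
                File   = $path
                Group  = $lowPrivSids[$sid]
                Rights = $rule.FileSystemRights
            }
        }
    }
}

# 2. Which shadow copies (the backups the article refers to) exist?
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object ID, VolumeName, InstallDate)

# 3. Report. A backup taken while the files were readable still holds
#    copies of them, so both findings matter independently.
$aclFindings | Format-Table -AutoSize | Out-Host
$shadows     | Format-Table -AutoSize | Out-Host
[pscustomobject]@{
    PermissiveAclOnLiveFiles = [bool]$aclFindings
    ShadowCopyCount          = $shadows.Count
    NeedsReview              = [bool]$aclFindings -or ($shadows.Count -gt 0)
}
```

The script changes nothing on the host; `NeedsReview` is true when either condition is present, since correcting the live files does not alter backups that already exist.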

The post Details of a zero-day vulnerability in Windows 10 were published. Patch not available appeared first on Information Security Newspaper | Hacking News.
