Restrict SAM files and Registry permissions - allow access only for Administrators.Delete all users from the built-in users' group - this is a good place to start from, but won't protect you if Administrator credentials are stolen.Mitigating SeriousSAMĪccording to Dvir Goren, CTO at CalCom, there are three optional hardening measures: Invading Domain users that way will give attackers elevated privileges on the network.īecause there is no official patch available yet from Microsoft, the best way to protect your environment from SeriousSAM vulnerability is to implement hardening measures. Once the attacker has 'User' access, they can use a tool such as Mimikatz to gain access to the Registry or SAM, steal the hashes and convert them to passwords.
SeriousSAM vulnerability, tracked as CVE-2021-36934, exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that allows 'read' permissions to the built-in user's group that contains all local users.Īs a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly.Īs we reported last week, the vulnerability - SeriousSAM - allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.Īttackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges.
0 kommentar(er)
