While 7xS is primarily a weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...), we felt as if the impact of the following vulnerabilities warranted a second post this week.

Using Windows 10 or 11?

Do this: Apply the following mitigations while Microsoft works to release a security update:

Restrict access to the contents of %windir%\system32\config:

  • Open Command Prompt or Windows PowerShell as an administrator.
  • Run this command: icacls %windir%\system32\config\*.* /inheritance:e

Delete Volume Shadow Copy Service (VSS) shadow copies:

  • Delete any System Restore points and shadow volumes that existed prior to restricting access to %windir%\system32\config.
  • Create a new System Restore point (if desired).

Impact of workaround: Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications.

Note: You must both restrict access and delete shadow copies to prevent exploitation of this vulnerability.
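To verify whether the hive files are still readable by standard users and to carry out both steps above from an elevated PowerShell session, here is an added example script (not from the original post and not Microsoft's own tooling). It assumes the standard hive file names under %windir%\system32\config and that icacls.exe and vssadmin.exe are available on the system.

```powershell
# Added example (not from the original post or Microsoft's KB): audit and, with
# -Apply, carry out the CVE-2021-36934 workaround described above.
# Assumptions: elevated PowerShell 5.1+ session; icacls.exe and vssadmin.exe
# present; hive names are the standard ones in the config directory.
param([switch]$Apply)

$ConfigDir = Join-Path $env:windir 'System32\config'
$Hives     = 'SAM', 'SECURITY', 'SYSTEM', 'SOFTWARE', 'DEFAULT'

function Test-HiveExposure {
    # Report each hive file whose DACL grants BUILTIN\Users read access. That
    # ACE is the condition the bug depends on, so any output means still exposed.
    foreach ($h in $Hives) {
        $path = Join-Path $ConfigDir $h
        if (-not (Test-Path $path)) { continue }
        $readAces = (Get-Acl -Path $path).Access | Where-Object {
            $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band 1)   # bit 1 = ReadData
        }
        if ($readAces) { [PSCustomObject]@{ Hive = $h; Rights = $readAces.FileSystemRights } }
    }
}

$before = @(Test-HiveExposure)
if ($before.Count -eq 0) {
    Write-Host "Hive ACLs already restricted; no file-level exposure found."
} else {
    Write-Host "Exposed hives (BUILTIN\Users can read):"
    $before | Format-Table -AutoSize
}

# Shadow copies taken before the ACL fix still hold readable hive copies,
# which is why the post says both steps are required.
Write-Host "Existing shadow copies:"
vssadmin list shadows

if ($Apply) {
    # Step 1: re-enable inheritance so the files pick up the parent directory's ACL.
    icacls (Join-Path $ConfigDir '*.*') /inheritance:e
    # Step 2: remove pre-fix shadow copies on the system drive (see Impact above).
    vssadmin delete shadows /for=$env:SystemDrive /all /quiet
    $after = @(Test-HiveExposure)
    if ($after.Count -eq 0) {
        Write-Host "Workaround applied; hives are no longer readable by Users."
    } else {
        Write-Warning "Hives still exposed after icacls: $($after.Hive -join ', ')"
    }
}
```

Run it without -Apply first to see the current state; the -Apply run deletes shadow copies, so take the Impact note above into account before using it.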

Why: Windows 10 and Windows 11 are affected by a local elevation of privilege vulnerability: users with low privileges can read sensitive Registry database (hive) files, including the Security Account Manager (SAM) file, which contains the hashed passwords for local accounts.
Additional Info: https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/
MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

Using Linux?

Do this: Apply the latest security updates.
Why: "The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration."
Additional Info: From Qualys: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909

About the Author

Ryan Bradbury, CISSP, OSCP
Principal Consultant & Cofounder

As a founding partner and principal consultant at SEVN-X, Ryan employs his training, experience, and expertise in helping organizations assess and protect their information security assets as well as respond to cybersecurity events. Ryan’s skillset has been forged from an extensive amount of field work—across various verticals—serving in both strategic and tactical security roles. SEVN-X requires all of its team members to be experts in information security and that starts from the top down.