How to fix errors for ACL and SAM vulnerabilities on Windows
The recently discovered CVE-2021-36934 vulnerability is an important issue because it provides elevated privileges to the bad guys.
The elevated privilege vulnerability exists because Access Control Lists (ACLs) are too permissive on many system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with system privileges. They can then install programs, view, change or delete data; or create a new account with full user rights.
To exploit the vulnerability, the bad guys must have access to the system and run the code in the first place. Microsoft is still investigating the issue and more data is expected to be added to the CVE. However, for now, users can try 2 methods to disable the vulnerable part of the operating system.
According to the official version, no vulnerabilities were exploited and Microsoft was quick enough to come up with an alternative. However, the company also mentioned that exploits using the vulnerability are more likely to happen and users must follow the workaround as quickly as possible.
How to fix
First, you have to run Command Prompt or Windows PowerShell command execution application and run below command to limit access to %windir%system32config folder.
With Command Prompt: icacls %windir%system32config*.* /inheritance:e
With PowerShell: icacls $env:windirsystem32config*.* /inheritance:e
In the second step, the user must delete the copy of the Volume Shadow Copy Service. And will also require deleting System Restore's restore points.
Once they have been removed and access to the %windir%system32config folder is restricted, the user can create another System Restore point.
The problem with the workaround is that the user will lose access to existing System Restores. That won't be a problem for those with another form of backup, but individuals or organizations that rely entirely on System Restore points will be at risk.
It should be noted that the current workaround is a temporary workaround. Microsoft will likely release a patch after thoroughly investigating the issue.
You should read it
- Funny caption of hackers spreading WannaCry malicious code
- If there is not enough ransom for the file, send an email to complain to the hacker, maybe you will get a surprise gift
- Network security 2009: Disturbing computer virus problems
- Watch out for new dangerous viruses similar to WannaCry
- Network security challenges in 2014
- 10 most famous hacks of all time
- Thousands of images on Google are infected with malicious code
- Windows users need to update this software immediately
- 100 hackers were arrested for the super-dangerous BlackShades malicious code
- Find bug in Emotet malware, prevent it from spreading for 6 months
- Threats and risks from malware on USB Flash
- Trend of virus overwriting the file system
Maybe you are interested
How to view Android system update history
Europe develops satellite internet system to replace Starlink
HWMonitor - Free and popular system monitoring tool
Moving files between Linux systems with SCP
7 Windows Recovery Options to Make System Recovery Easy
Mars: Overview of the 4th planet in the solar system