Rewterz Threat Advisory –Microsoft Windows Vulnerable to Privilege Escalation

July 21, 2021

Severity

High

Analysis Summary

Windows 10 and 11 are vulnerable to local EoP (elevation of privilege) vulnerability as users with low privileges are able to access sensitive registry database files. With these low file permissions, a threat actor with limited privileges on a device can extract the NTLM hashed passwords for all accounts on a device and use those hashes in pass-the-hash attacks to gain elevated privileges.

Impact

Privilege Escalation

Affected Vendors

Microsoft

Affected Products

Microsoft Windows 10
Microsoft Windows 11

Remediation

Ensure detection of access to C:\Windows\System32\config\SAM in command-line
Ensure detection of command icacis C:\Windows\System32\config\SAM

Visit the vendor website to stay updated on patches, affected products, and workarounds at https://msrc.microsoft.com/update-guide/vulnerability

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC-F Series

Rewterz Threat Advisory –New Linux kernel bug lets you get root on most modern distros

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.