Vulnerability Details CVE-2021-36934
<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p>
<p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>
Exploit prediction scoring system (EPSS) score
EPSS Score 0.904
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
Proposed Action
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934
- http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934
- https://www.kb.cert.org/vuls/id/506989
Products affected by CVE-2021-36934
-
cpe:2.3:o:microsoft:windows_10_1809:-
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1012
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1039
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.107
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1075
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1098
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1131
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1132
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1158
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1192
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1217
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1282
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1294
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1339
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.134
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1369
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1397
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1432
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1457
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1490
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1518
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1554
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1577
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1579
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1613
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1637
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.168
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1697
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1728
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1757
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1790
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1817
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1821
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1823
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1852
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1879
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1911
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1935
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.194
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.195
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1971
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.1999
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2028
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2090
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2091
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.253
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.292
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.316
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.348
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.379
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.404
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.437
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.439
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.475
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.503
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.504
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.529
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.55
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.557
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.592
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.593
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.615
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.652
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.678
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.720
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.737
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.740
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.774
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.775
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.805
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.832
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.864
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.914
-
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.973
-
cpe:2.3:o:microsoft:windows_10_1909:-
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1016
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1049
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1082
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1110
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1139
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1171
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1198
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1199
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1237
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1256
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1316
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1350
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1377
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1379
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1411
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1440
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1441
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1443
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1474
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1500
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1533
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1556
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1593
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1621
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1645
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1646
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1714
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.476
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.535
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.592
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.628
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.657
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.693
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.719
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.720
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.752
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.753
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.778
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.815
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.836
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.900
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.904
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.959
-
cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.997
-
cpe:2.3:o:microsoft:windows_10_2004:-
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1023
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1052
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1055
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1081
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1082
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1083
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1110
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.1151
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.264
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.329
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.331
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.388
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.423
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.450
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.488
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.508
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.546
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.572
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.610
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.630
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.631
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.662
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.685
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.746
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.789
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.804
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.844
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.867
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.868
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.870
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.906
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.928
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.964
-
cpe:2.3:o:microsoft:windows_10_2004:10.0.19041.985
-
cpe:2.3:o:microsoft:windows_10_20h2:-
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1023
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1052
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1055
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1081
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1082
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1083
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1110
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.1151
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.572
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.610
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.630
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.631
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.662
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.685
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.746
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.789
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.804
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.844
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.867
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.868
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.870
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.906
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.928
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.964
-
cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.985
-
cpe:2.3:o:microsoft:windows_10_21h1:-
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19041.3570
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1023
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1052
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1055
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1081
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1082
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1083
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1110
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.1151
-
cpe:2.3:o:microsoft:windows_10_21h1:10.0.19043.985