Microsoft recently released a privilege escalation vulnerability dubbed “HiveNightmare”. HiveNightmare affects Windows platform and grants read privileges to non-administrative users accessing system32/config files. Exploitation of the vulnerability allows an attacker with limited local user privileges to gain access to hashed passwords, as well as elevate their privileges to admin.
At this moment, Microsoft has not released a patch to fix this vulnerability. Microsoft recommend to implement the workaround of restricting access to the contents of %windir%\system32\config and delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
For more information please see:
Windows Elevation of Privilege Vulnerability
System / Technologies affected:
- Windows 10 1809 and later versions
- Windows Server 2019
Matsco Solutions is currently testing the workaround to ensure there are no issues with it and will be reach out to clients running the affected products for applying the workaround.
Please contact the Matsco Solutions team on the below if you would like any further information.
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090
Share this Post