Microsoft Windows 10 users are forced to overcome another problematic unpatched bug that can expose admin passwords.
July has not been a good month for users of Microsoft Windows 10. First, there was the PrintNightmare security vulnerability which was quickly followed by news of a Windows Hello facial recognition bypass bug. Now things have just gone from bad to worse with confirmation from Microsoft of a vulnerability that can expose admin passwords to any local Windows 10 user.
What is the HiveNightmare, or SeriousSAM, vulnerability?
Jonas Lykkegaard appears to have been the first security researcher to pick up on the fact that, for some strange reason, the Security Account Manager (SAM) file had become READ enabled for all users. Initially, this was for the Windows 11 preview, but Jonas pretty quickly established, as confirmed by many others, that Windows 10 was also vulnerable to this security bug. A bug, which has been tagged as both HiveNightmare and SeriousSAM, that meant sensitive, security-related Windows Registry files could be accessed by ordinary local users. Files like SAM containing all the hashed user passwords, including admin ones.
What is the threat to Windows 10 users?
The threat here is an obvious one: an attacker with limited local user privileges could potentially get the hashed passwords and relatively easily use them to elevate their privileges to admin. At this point, it’s game over as they can then pretty much do what they like. The problem is aggravated by the fact the ‘shadow copy’ of the system drive where these files can be found is created when someone performs a Windows Update if that drive is larger than 128GB. So, even if your version of Windows 10 wasn’t initially impacted, it could be after updating.