July 20, 2021

Emerging: Fully updated Windows machines may have a user-readable SAM file in Shadow Copies, leaking Windows’ local password DB to regular users if Shadow Copy is enabled



Comments

tweedge

As with anything emergent, please take this all with reasonable skepticism.

* Some evidence points to KB5004237 as the culprit, as rolling that back appears to resolve the vulnerable permissions being applied: https://twitter.com/timmytimj/status/1417291655800098818
* However, this is *not conclusive* (don’t go rolling that back across your infra yet!), and others are testing prior versions of Windows 10, Windows Server 2019, etc. to try to narrow down when this bug may have been introduced + what exact conditions cause it: https://twitter.com/jeffmcjunkin/status/1417246532575711232
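Added example, not part of the original post or of the comment above: a defender-side PowerShell check for the condition in the title, reporting whether the live SAM hive grants read access to regular users and whether any shadow copies exist on the machine. It assumes an elevated prompt and the default hive location under `%windir%\System32\config`; the list of SIDs treated as "regular users" is this example's own choice.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Assumption: the SAM hive is at its default location under %windir%.
$samPath = Join-Path $env:windir 'System32\config\SAM'

# Well-known SIDs that cover regular (non-administrator) users.
$broadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# Resolve ACEs to SIDs so the check also works on localized Windows installs.
$acl   = Get-Acl -Path $samPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Keep only Allow ACEs that give one of the broad groups the right to read file data.
$weak = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broadSids.ContainsKey($_.IdentityReference.Value) -and
    (([int]$_.FileSystemRights -band $readData) -ne 0)
})

# A snapshot taken while the ACL was weak keeps that ACL, so list what exists.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

[pscustomobject]@{
    SamPath             = $samPath
    UserReadableAces    = ($weak | ForEach-Object {
        '{0}: {1}' -f $broadSids[$_.IdentityReference.Value], $_.FileSystemRights
    }) -join '; '
    ShadowCopyCount     = $shadows.Count
    OldestShadowCopy    = ($shadows | Sort-Object InstallDate | Select-Object -First 1).InstallDate
    ExposureConditionMet = ($weak.Count -gt 0 -and $shadows.Count -gt 0)
}
```

`ExposureConditionMet` only reflects the live hive's current ACL plus the presence of snapshots; a snapshot created before the ACL was corrected still carries the permissions it was taken with.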
