
CVE-2021-36934

Microsoft Windows SAM Local Privilege Escalation Vulnerability

Severity Score (CVSS v3.1): 7.8
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 12
Exploited in Wild (KEV): Yes
Decision (SSVC): -

Descriptions

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker must have the ability to execute code on a victim system to exploit this vulnerability.

After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerability. Simply installing this security update will not fully mitigate this vulnerability. See KB5005357 - Delete Volume Shadow Copies (https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7).

An Elevation of Privilege Vulnerability in Windows

If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file, which would allow any user to escalate privileges to SYSTEM level.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-07-19 CVE Reserved
  • 2021-07-22 CVE Published
  • 2021-07-22 First Exploit
  • 2022-02-10 Exploited in Wild
  • 2022-02-24 KEV Due Date
  • 2024-08-04 CVE Updated
  • 2024-11-07 EPSS Updated
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Microsoft | Windows 10 1809 | < 10.0.17763.2114 | - | Affected
Microsoft | Windows 10 1909 | < 10.0.18363.1734 | - | Affected
Microsoft | Windows 10 2004 | < 10.0.19041.1165 | - | Affected
Microsoft | Windows 10 20h2 | < 10.0.19042.1165 | - | Affected
Microsoft | Windows 10 21h1 | < 10.0.19043.1165 | - | Affected