Jonas Lykkegaard Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/jonas-lykkegaard/

Vulnerability in Windows 10 could allow gaining administrator privileges
https://gridinsoft.com/blogs/vulnerability-in-windows-10/
Thu, 22 Jul 2021 16:48:28 +0000
Last weekend, the well-known cybersecurity researcher Jonas Lykkegaard reported a rather serious vulnerability in Windows 10.

All versions of Windows 10 released in the last 2.5 years (as well as Windows 11) are vulnerable to an issue dubbed SeriousSAM and HiveNightmare. Because of this bug, an attacker can elevate privileges and gain access to the passwords of user accounts.

The vulnerability relates to how Windows 10 controls access to files such as SAM, SECURITY, and SYSTEM:

  • C:\Windows\System32\config\sam
  • C:\Windows\System32\config\security
  • C:\Windows\System32\config\system

Let me remind you that these files store information such as the hashed passwords of all Windows user accounts, security-related settings, encryption key data, and other important information about the OS kernel configuration. If a potential attacker can read these files, the information obtained will help them gain access to user passwords and critical system settings.

Normally, only a Windows administrator can interact with these files. However, while testing Windows 11, the expert noticed that although the OS restricts access to these files for low-privileged users, readable copies of the files are preserved in Volume Shadow Copies. Moreover, as it turned out, this problem appeared in the Windows 10 code back in 2018, after the release of version 1809.

Gaining access to the Security Account Manager (SAM) configuration file is always a serious problem, since an attacker who can read it can extract hashed passwords, crack those hashes, and hijack accounts. Even worse, the SYSTEM and SECURITY hives can contain other, equally dangerous data, including DPAPI encryption keys and Machine Account details (used to join computers to Active Directory). Below you can see a demonstration of such an attack, recorded by the creator of Mimikatz, Benjamin Delpy.

Microsoft has already acknowledged the problem and assigned it the ID CVE-2021-36934.

The privilege escalation vulnerability works because of excessive permissions on Access Control Lists (ACLs) on several system files, including the Security Accounts Manager (SAM) database.

[After a successful attack] an attacker will be able to install programs, view, modify or delete data, create new accounts with full user rights. To exploit the vulnerability, an attacker must be able to execute code on the victim's system, Microsoft representatives wrote.

For now, Microsoft is still investigating the issue and working on a patch, which will most likely be released as an emergency security update later this week. In the meantime, the company only recommends restricting access to the affected folder and deleting shadow copies.

It is worth noting that well-known information security expert Kevin Beaumont has already published a PoC exploit for SeriousSAM so that admins can check which of their systems are vulnerable to attacks.

Let me remind you that I also reported that a Windows 10 bug causes a BSOD when opening a specific path.

Windows 10 bug causes BSOD when opening a specific path
https://gridinsoft.com/blogs/windows-10-bug-causes-bsod-when-opening-a-specific-path/
Tue, 19 Jan 2021 16:16:50 +0000
A bug in Windows 10 causes the OS to crash with a blue screen of death (BSOD) if the user tries to open a specific path in the address bar of the browser or uses other Windows commands.

Last week, a security researcher posted messages on Twitter about two vulnerabilities in Windows that could be exploited by cybercriminals in various attacks.

The first vulnerability allows an unprivileged user or program to issue a single command to make an NTFS volume appear corrupted. While chkdsk has successfully resolved this issue in a number of tests, in one of the tests the command damaged the hard drive, which caused Windows to stop loading, say Bleeping Computer journalists.

The second bug can cause a blue screen of death when trying to open an unusual path.

Since October last year, security researcher Jonas Lykkegaard has repeatedly written about a path that immediately crashes Windows 10 and displays a blue screen of death once it is entered into the address bar of a browser (for example, Chrome).

When developers want to interact with a Windows device directly, they can pass the Win32 device namespace path as an argument to various Windows software functions. This allows the application, for example, to interact directly with the physical disk, bypassing the file system.

I was able to find the Win32 device namespace path for the 'console muxer driver', which is used for kernel/usermode IPC, Jonas Lykkegaard told BleepingComputer.

Opening the following path in various ways, even as a user with a low privilege level, can cause Windows 10 to crash: \\.\Globalroot\device\condrv\kernelconnect

When connecting to this device, developers are expected to pass an extended attach attribute in order to communicate with it correctly.

As Lykkegaard discovered, when a connection to the path is attempted without passing that attribute, incorrect error checking raises an exception that causes a blue screen of death. To make matters worse, low-privileged Windows users can attempt to connect to the device using this path, which means any program running on the computer can cause Windows 10 to crash.

Let me remind you that recently Google Project Zero discovered a 0-day vulnerability in the Windows kernel.
