Skip to main content
Customer Support Customer Support

Easily exploitable, unpatched Windows privilege escalation flaw revealed (CVE-2021-36934)

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

July 21, 2021 By Zeljka Zorz

 

A researcher that goes by the Twitter handle @jonasLyk has unearthed an easily exploitable vulnerability (CVE-2021-36934) in Windows 10 that may allow local non-administrative users to gain administrative-level privileges.

About CVE-2021-36934

“An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability,” Microsoft confirmed.

 

Full Article.

    Jasper_The_Rasper
    TripleHelix
    2 people like this
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • TripleHelix
      TripleHelix

    J
    New Voice
    Forum|alt.badge.img+5

    So is Webroot able to block this exploit or do we need to go through all the work of blocking it manually?

     

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

    TripleHelix
    Moderator
    Forum|alt.badge.img+63
    • TripleHelix
    • Moderator
    • 9076 replies
    • July 24, 2021

    Hello @jmrathbun 

     

    Webroot doesn’t Block exploit’s that’s up to Microsoft to patch the vulnerability but Webroot protects against Malware that tries to use the exploit in Malicious ways.

     

    As @Jasper_The_Rasper posted: “An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

     

    HTH,

    Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
    Jasper_The_Rasper
    TripleHelix
    2 people like this
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • TripleHelix
      TripleHelix
    J
    New Voice
    Forum|alt.badge.img+5

    “An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

    I appreciate the prompt input, but my knowledge of WinX exploits isn’t quite up to par. How would the bad guys be able to access my system remotely to “execute code”? Are there some phishing or other downloads I have to watch out for?

    Jasper_The_Rasper
    1 person likes this
    • Jasper_The_Rasper
      Jasper_The_Rasper
    TripleHelix
    Moderator
    Forum|alt.badge.img+63
    • TripleHelix
    • Moderator
    • 9076 replies
    • July 24, 2021
    jmrathbun wrote:

    “An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

    I appreciate the prompt input, but my knowledge of WinX exploits isn’t quite up to par. How would the bad guys be able to access my system remotely to “execute code”? Are there some phishing or other downloads I have to watch out for?


    Yes you have to be-careful at all times via emails from people you don’t know don’t open any attachments or bad websites. NO AV is 100% so we have to use safe practices at all times.

    Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
    Jasper_The_Rasper
    TripleHelix
    2 people like this
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • TripleHelix
      TripleHelix

    Reply


    Terms & Conditions