After a bug that had been present in Windows for 16 years and that affected millions of printers was announced, now two other bugs with similar effects have been discovered in Windows and Linux that demonstrate how important it is to update our operating systems to the latest version.
Both Windows 10 and Windows 11 are vulnerable to a privilege escalation attack that allows an account with user permissions to access Windows system files, even recovering the operating system password and decrypting private keys.
Three Windows folders, the source of the problem
The failure affects all versions of Windows 10 after 1809, and in them any user can access files in the SAM, SYSTEM and SECURITY folders , all of them present in the path C: WindowsSystem32config . Microsoft has acknowledged the existence of the bug, assigning it the code CVE-2021-36934 .
However, a patch has not yet been released nor has it said when it will release it, so the vulnerability can currently be exploited by any hacker. With it, an attacker can view, change or delete data on any infected computer, as well as create an administrator account with all possible permissions. And it is even possible to create a hidden administrator account so that we cannot see it.
In order to take advantage of the vulnerability, an attacker needs to have physical access to the computer, or alternatively take advantage of another vulnerability that allows him to have remote access. Therefore, while the patch is being released, they recommend restricting access to the SAM, SYSTEM, and SECURITY folders.
This bug is the third zero-day bug released for Windows 10 after Patch Tuesday was released on July 13. The other two are those related to PrintNightmare, and demonstrate how dangerous it is to publish the existence of a vulnerability without it being patched.
Linux also affected by a similar bug
Linux is not released, and it is also affected by a bug that allows the same actions to be carried out. The bug affects all distros that have a Linux kernel from 2014 to today, where an attacker can lead to root permissions. The bug has received the code CVE-2021-33909 , and by default affects operating systems such as Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, Red Hat Enterprise Linux 6, 7 and 8, and Fedora 34 Workstation.
The flaw is that an attacker with local access to the computer can create, mount and delete a deep structure whose occupied space exceeds 1 GB, resulting in an escalation of privileges.
In this case, luckily, the vulnerability is patched, so Linux users can rest easy if they have updated their systems in the last few weeks.