HiveNightmare Windows Zero-Day Vuln Allows Privilege Escalation

A new Microsoft “HiveNightmare” vuln has surfaced in the MS KB5004605 update that added AES encryption on OS versions from Windows 10 build 1809 and newer, as confirmed by Twitter user Jonas L and @GossiTheDog.  Microsoft says in CVE-2021-36934 that the zero-day can enable users to escalate to SYSTEM privileges on windows 10 & newer systems.  A Haystack Solutions expert offers thoughts.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
InfoSec Expert
July 23, 2021 1:54 pm

<p>Zero-day attacks continue to be among the most alarming for enterprise security analysts. Not only do they have to determine that an attack is occurring, but also how the attack is happening, and how to remediate it and not knowing when a fix may become available makes it even more stressful. This is why organizations have to supplement their security practices with ongoing analytics to observe and respond to anomalous user or network behaviors.</p>

Last edited 1 year ago by Saryu Nayyar
Doug Britton
Doug Britton , CEO
InfoSec Expert
July 23, 2021 1:52 pm

<p>Securing networks is akin to balancing spinning plates. System administrators rely on admin rights and privileges as a first line of security and basic defense. The HiveNightmare bug is a significant threat to a fundamental aspect of network administration and the basic system functions we all rely on. To combat this, we need to make sure we continue to invest in cyber talent. We have the tools to identify professionals who would excel as bug hunters. We need to find them and get them into the fight because this won\’t be the last time network vulnerabilities like this will surface.</p>

Last edited 1 year ago by Doug Britton
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x