Windows HiveNightmare Vulnerability

A critical Windows 10 security vulnerability known as CVE-2021-36934 or “HiveNightmare,” was reported last week. Microsoft has been aware of the vulnerability since June, but there is currently no update from Microsoft that addresses the HiveNightmare vulnerability. Here’s what you need to know about the vulnerability, and how to mitigate the risk.

What does the HiveNightmare vulnerability do? 

If successfully exploited, the vulnerability allows for local privilege escalation through gaining access to the local system and security database files. To gain this type of access, an attacker would need to achieve access to the system first.

What systems are impacted by the HiveNightmare vulnerability? 

According to Microsoft and industry researchers, the vulnerability is limited to the Windows 10 operating systems (build 1809 and above).

ADNET’s Recommendation

There is currently no update from Microsoft to address this vulnerability, but there are manual steps that can be performed as a workaround to mitigate the risk of exploitation. Due to the possibility of privilege escalation if an attack is successful, ADNET considers this to be a critical vulnerability. ADNET recommends the workaround be implemented as soon as possible. As a precaution, we’re already doing this for our managed clients. If you don’t subscribe to our managed services but would like help, feel free to contact us.

If you need more guidance on applying the workaround suggested by Microsoft, the following post contains detailed information and steps.

Next Steps for ADNET Managed Clients

Given the severity of this risk, ADNET has been taking proactive measures for our managed clients since the vulnerability was discovered last week. We will continue to communicate regarding the steps we have already taken (and will be taking) to protect our clients’ systems.

If you have questions or concerns, or if you need help addressing this issue, please don’t hesitate to reach out to us.