Hello! 2021 has certainly not been a good year for Windows 10 security. Indeed, we have already warned about security holes in the past. The worst thing is that these flaws are not usually resolved quickly. Sometimes you have to wait for a patch to be released. Particularly on Tuesdays. Precisely, we have recently alerted you to a new Windows security flaw. This hole has been baptized as HiveNightmare. But beyond that, today we will see how to check the security of your computer. Specifically, we will know how to know if your PC is vulnerable to HiveNightmare.
What is HiveNightmare?
This security flaw is present in all Windows versions from 1809 onwards. It is even present in Windows 11. Thanks to this flaw, any user can access critical system files. Even without administrator privileges. Some of these files are SAM, SYSTEM, and SECURITY. Therefore, accessing any user would have high levels of privileges on the system. So you could literally do anything. For example, execute random code in the PC memory. Or change Windows programs. Also, this bug is very similar to Sequoia. Which affects GNU/Linux systems.
At the moment, Microsoft has not released much information about it. However, researchers have released a handy tool. Which allows you to determine if your computer is affected by this vulnerability.
How to know if your PC is vulnerable to HiveNightmare.
This time we will use a simple script. It is available from GitHub. Consequently, we will be able to check the permissions of the SAM, SYSTEM, and SECURITY files. To do this we will run a couple of PowerShell commands. To do so, press the Win+X combination to open PowerShell with administrator privileges.
Then run the following command:
Invoke-WebRequest -URI https://raw.githubusercontent.com/JumpsecLabs/Guidance-Advice/main/SAM_Permissions/SAM_Permissions_Check.ps1 -OutFile ./SAM_Permissions_Check.ps1 -usebasicparsing
This action will allow downloading from PowerShell the script SAM_Permissions_Check.ps1. The download is done from the GitHub servers and only takes a few seconds. Finally, just run the following:
.\SAM_Permissions_Check.ps1
f you have permissions errors, try:
Unblock-File -path C:\path\to\SAM_Permissions_Check.ps1 powershell -exec bypass .\SAM_Permissions_Check.ps1
The script will scan the computer for vulnerabilities. In fact, it will mark in red the affected files. On the other hand, it will show protected files in green.
You can also use the command prompt. With this in mind, run the following command from CMD:
icacls %windir%/system32/config/sam
If a message like BUILTINUsers:(I)(RX) is displayed, then we are in danger. Otherwise, there is no problem.
Resolving vulnerability.
Let’s show you what to do if your computer is at risk. You have to open a CMD with administrator privileges. Then, just run the following commands:
icacls %windir%\system32\config. /inheritance:e vssadmin delete shadows /for=c: /Quiet vssadmin list shadows
The first command activates ACL inheritance. The second deletes shadow copies from the system. Finally, the third command checks that there are no shadow copies on the system. Ultimately we have seen how to find out if the computer is vulnerable to HiveNightmare. Ultimately we have seen how to find out if the PC is vulnerable to HiveNightmare. A better way to keep your computer safe from threats. Bye!
