Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Microsoft Alert


Warning Date: 22 July, 2021

Severity Level ● High

Warning Number: 2021-3240

Target Sector: All

Description:

Microsoft has released a security alert to address a vulnerability in the following products:

  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows Server, version 2004 (Server Core installation)
  • Windows 10 Version 2004 for x64-based Systems
  • Windows 10 Version 2004 for ARM64-based Systems
  • Windows 10 Version 2004 for 32-bit Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

Threats:

An attacker could exploit this vulnerability to escalate their privileges.

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory:

Microsoft also recommends the following:

  1. Restrict access to the contents of %windir%\system32\config
     • Command Prompt (Run as administrator): icacls %windir%\system32\config\*.* /inheritance:e
     • Windows PowerShell (Run as administrator): icacls $env:windir\system32\config\*.* /inheritance:e
  2. Delete Volume Shadow Copy Service (VSS) shadow copies
     • Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
     • Create a new System Restore point (if desired).
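
A read-only check for both steps above, as an added example (not code from Microsoft or from this advisory): it reports files under %windir%\system32\config that still grant read access to BUILTIN\Users, and lists shadow copies created before the ACL change. The parameter `$AclFixedAt` and the variable names are assumptions made for this example; S-1-5-32-545 is the well-known SID of BUILTIN\Users.

```powershell
#Requires -RunAsAdministrator
# Added example: verification only, nothing on the system is modified.
param(
    # Assumption: the time the icacls command from step 1 was run.
    # Defaults to "now", so every existing shadow copy is reported.
    [datetime]$AclFixedAt = (Get-Date)
)

$configDir = Join-Path $env:windir 'System32\config'
$usersSid  = 'S-1-5-32-545'   # BUILTIN\Users (SID avoids localized group names)
$readMask  = [System.Security.AccessControl.FileSystemRights]::ReadData

# Step 1 check: find Allow ACEs that give BUILTIN\Users read access to the files.
$sidType = [System.Security.Principal.SecurityIdentifier]
$exposed = foreach ($file in Get-ChildItem -LiteralPath $configDir -File -Force) {
    $acl = Get-Acl -LiteralPath $file.FullName
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq $usersSid -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $readMask)) {
            [pscustomobject]@{
                File      = $file.Name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Step 2 check: shadow copies taken before the ACL change still hold the old ACLs.
$stale = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.InstallDate -lt $AclFixedAt } |
    Select-Object ID, VolumeName, InstallDate

if ($exposed) {
    Write-Warning 'BUILTIN\Users can still read these files in system32\config:'
    $exposed | Format-Table -AutoSize
} else {
    Write-Output 'No BUILTIN\Users read access found on files in system32\config.'
}

if ($stale) {
    Write-Warning "Shadow copies created before ${AclFixedAt}:"
    $stale | Format-Table -AutoSize
} else {
    Write-Output 'No shadow copies predate the ACL change.'
}
```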

Last updated at 22 July, 2021