Microsoft Alert
Warning Date: 22 July, 2021
Severity Level: High
Warning Number: 2021-3240
Target Sector: All
Description:
Microsoft has released a security alert to address a vulnerability in the following products:
- Windows Server, version 20H2 (Server Core Installation)
- Windows 10 Version 20H2 for ARM64-based Systems
- Windows 10 Version 20H2 for 32-bit Systems
- Windows 10 Version 20H2 for x64-based Systems
- Windows Server, version 2004 (Server Core installation)
- Windows 10 Version 2004 for x64-based Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
- Windows 10 Version 21H1 for 32-bit Systems
- Windows 10 Version 21H1 for ARM64-based Systems
- Windows 10 Version 21H1 for x64-based Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
Threats:
An attacker could exploit this vulnerability to escalate their privileges.
Best practice and Recommendations:
The CERT team encourages users to review the Microsoft security advisory:
Microsoft also recommends the following:
- Restrict access to the contents of %windir%\system32\config
  - Command Prompt (Run as administrator): icacls %windir%\system32\config\*.* /inheritance:e
  - Windows PowerShell (Run as administrator): icacls $env:windir\system32\config\*.* /inheritance:e
- Delete Volume Shadow Copy Service (VSS) shadow copies
  - Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
  - Create a new System Restore point (if desired).
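
The procedure above, as an added PowerShell example that is not part of the alert or of Microsoft's advisory: it reports whether BUILTIN\Users can read the hive files before and after the alert's icacls command, then lists the shadow copies created before the change. The hive names SAM, SYSTEM and SECURITY, the function names and the -RemoveOldShadows switch are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the alert): audit, apply the icacls step, list older shadow copies.
param([switch]$RemoveOldShadows)   # hypothetical switch: also delete the listed shadow copies

$configDir = Join-Path $env:windir 'system32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'   # assumption: hive files this example inspects
$usersSid  = 'S-1-5-32-545'                # well-known SID of BUILTIN\Users

function Test-UsersCanRead {
    param([string]$Path)
    # Resolve every ACE to a SID so the check also works on non-English installs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $read = [int]($r.FileSystemRights -band
                      [System.Security.AccessControl.FileSystemRights]::ReadData)
        if ($r.IdentityReference.Value -eq $usersSid -and
            $r.AccessControlType -eq 'Allow' -and $read -ne 0) { return $true }
    }
    return $false
}

function Get-HiveExposure {
    foreach ($h in $hives) {
        $p = Join-Path $configDir $h
        [pscustomobject]@{ Hive = $h; UsersCanRead = Test-UsersCanRead -Path $p }
    }
}

Write-Output 'Before:'; Get-HiveExposure | Format-Table -AutoSize

# The alert's command: re-enable inheritance on the contents of the config directory.
icacls "$configDir\*.*" /inheritance:e | Out-Null
$fixedAt = Get-Date

Write-Output 'After:'; Get-HiveExposure | Format-Table -AutoSize

# Shadow copies taken before the ACL change still hold the hives with the old permissions.
$old = @(Get-CimInstance -ClassName Win32_ShadowCopy |
         Where-Object { $_.InstallDate -lt $fixedAt })
Write-Output 'Shadow copies created before the ACL change:'
$old | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize

if ($RemoveOldShadows) {
    foreach ($s in $old) { vssadmin delete shadows "/shadow=$($s.ID)" /quiet }
}
```

Run it without the switch first to review the listed shadow copies, since deleting them also removes the restore points and backups that depend on them.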