Windows 10 vulnerability CVE 2021-36934 (TESTING) v2
Versioning - This is the latest version.
1 | Windows 10 vulnerability CVE 2021-36934 (TESTING) | 7/21/2021 10:13:29 AM |
2 | Windows 10 vulnerability CVE 2021-36934 (TESTING) v2 | 7/23/2021 5:54:11 AM |
Description
Windows 10 Elevation of Privilege Vulnerability
CVE 2021-36934
SAM hives readable by everyone account as of Windows 10 (1809)
Current Fixlet relevance includes Windows 10 without limiting to (1809)
Deletes all VSS Shadow copies, as recommended by Microsoft.
Added Windows Server 2019 to relevance after updates to the Microsoft guidance
Please test well before using as this is BigFix.me community content
Property Details
26867 | |
Beta - Preliminary testing ready for more | |
Windows 10 vulnerability CVE 2021-36934 (TESTING) v2 | |
BESC | |
Alpha BigFix.me community content | |
7/21/2021 12:00:00 AM | |
CVE 2021-36934 | |
alpha test vulnerability SAM | |
brolly33 on 7/23/2021 5:54:11 AM | |
brolly33 on 7/23/2021 5:54:11 AM | |
3502 Views / 29 Downloads | |
Relevance
isWindows (Relevance 1172)
windows of operating system
Used in 2 fixlets | * Results in a true/false |
exists files "config/SAM" whose (exists entries whose (account name of trustee of it = "Users" and generic read permission of it and not deny type of it) of dacls of security descriptors of it) of native system folder
Used in 1 fixlet | * Results in a true/false |
name of operating system = "Win10" OR name of operating system = "Win2019"
Actions
Action 1 (default)
Action Link Click
here to deploy this action.
Script Type
BigFix Action Script
//redirect to 64 bit versions
action uses wow64 redirection false
//icacls command to add inheritance to current permissions
waithidden cmd.exe /C icacls.exe "{pathname of windows folder}\system32\config\*.*" /inheritance:e
//delete prior VSS shadow copies
waithidden cmd.exe /C vssadmin delete shadows /all /quiet
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.
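A check that can be run on an endpoint after Action 1 to confirm both parts of the remediation. This is an added example, not part of the BigFix.me fixlet; the function names and the list of hive files are assumptions (the fixlet relevance itself tests only SAM).

```powershell
# Added example: post-remediation check for CVE-2021-36934.
# Run elevated from 64-bit PowerShell; a 32-bit host is redirected away from
# System32, the same reason the action script disables wow64 redirection.
function Test-HiveAclExposure {
    param(
        # Assumption: hive files to inspect; the fixlet relevance only tests SAM.
        [string[]]$HiveNames = @('SAM', 'SYSTEM', 'SECURITY')
    )
    $configDir = Join-Path $env:windir 'System32\config'
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    # BUILTIN\Users by well-known SID, so the check also works on localized builds.
    $usersSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
    $readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $generic   = [int]::MinValue   # 0x80000000, GENERIC_READ left unmapped in an ACE

    foreach ($name in $HiveNames) {
        $path = Join-Path $configDir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # Explicit and inherited ACEs, with trustees returned as SIDs.
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
        $hits = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $usersSid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band ($readData -bor $generic)) -ne 0
        })
        [pscustomobject]@{ Path = $path; UsersCanRead = ($hits.Count -gt 0) }
    }
}

function Get-RemainingShadowCopy {
    # Shadow copies created before the ACL fix still hold the old permissions,
    # which is why the action deletes them.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Select-Object ID, InstallDate, VolumeName
}

$exposed = @(Test-HiveAclExposure | Where-Object { $_.UsersCanRead })
$shadows = @(Get-RemainingShadowCopy)

if ($exposed.Count -eq 0 -and $shadows.Count -eq 0) {
    'OK: no Users read ACE on the checked hives and no shadow copies remain.'
} else {
    $exposed | ForEach-Object { "EXPOSED: Users can read $($_.Path)" }
    $shadows | ForEach-Object { "SHADOW COPY: $($_.ID) on $($_.VolumeName) created $($_.InstallDate)" }
}
```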
Action 2
Action Link Click
here for vulnerability information from Microsoft
Script Type
URL
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
Action 3
Action Link Click
here for information about using VSSAdmin to delete shadow copies
Script Type
URL
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/vssadmin-delete-shadows
Action 4
Action Link Click
here to review this task in the bigfix.me Content Database.
Script Type
URL
https://bigfix.me/cdb/fixlet/26866
Comments
This doesn't work for me. I don't get it. All of the relevance works in QNA but it fails when taking action. Any thoughts?

Thanks @michaell. Looks like MS added Server 2019 to the list of affected systems, so I updated the relevance to include it.

Tested it and it's working just as hoped and expected. Thanks!