Windows 10 vulnerability CVE 2021-36934 (TESTING) v2

Versioning - This is the latest version.

1. Windows 10 vulnerability CVE 2021-36934 (TESTING), 7/21/2021 10:13:29 AM
2. Windows 10 vulnerability CVE 2021-36934 (TESTING) v2, 7/23/2021 5:54:11 AM


Windows 10 Elevation of Privilege Vulnerability

CVE 2021-36934

SAM hives readable by everyone account as of Windows 10 (1809)
The current Fixlet relevance applies to Windows 10 without limiting it to 1809.

The action deletes all VSS shadow copies, as recommended by Microsoft.

Windows Server 2019 was added to the relevance after updates to the Microsoft guidance.


Please test well before using, as this is community content.

Property Details

Status: Beta - Preliminary testing ready for more
Title: Windows 10 vulnerability CVE 2021-36934 (TESTING) v2
Source: Alpha community content
Source Release Date: 7/21/2021 12:00:00 AM
CVENames: CVE 2021-36934
Keywords: alpha test vulnerability SAM
Added by on 7/23/2021 5:54:11 AM
Last Modified by on 7/23/2021 5:54:11 AM
Counters 801 Views / 27 Downloads


isWindows (Relevance 1172)
Used in 1142 fixlets and 537 analyses   * Results in a true/false
windows of operating system
Used in 2 fixlets   * Results in a true/false
exists files "config/SAM" whose (exists entries whose (account name of trustee of it = "Users" and generic read permission of it and not deny type of it) of dacls of security descriptors of it) of native system folder
Used in 1 fixlet   * Results in a true/false
name of operating system = "Win10" OR name of operating system = "Win2019"


Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
//redirect to 64 bit versions
action uses wow64 redirection false

//icacls command to add inheritance to current permissions
waithidden cmd.exe /C icacls.exe "{pathname of windows folder}\system32\config\*.*" /inheritance:e

//delete prior VSS shadow copies
waithidden cmd.exe /C vssadmin delete shadows /all /quiet
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.
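
To confirm on an endpoint what Action 1 is meant to achieve, the following PowerShell check lists any file under `%windir%\system32\config` that still grants BUILTIN\Users read access, plus any shadow copies still present. It is an added example, not part of this Fixlet or of BigFix content; the function name `Test-UsersCanRead` is hypothetical, and using the ReadData bit as the read test is an assumption.

```powershell
# Added example: post-remediation check for the state Action 1 should leave behind.
# Run from an elevated 64-bit PowerShell prompt: reading these ACLs and listing
# shadow copies need administrator rights, and a 32-bit host has System32 redirected.
$ErrorActionPreference = 'Stop'

$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users, independent of OS language
$readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$configDir = Join-Path $env:windir 'System32\config'

function Test-UsersCanRead {
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited ACEs, with trustees returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $isUsers = $rule.IdentityReference.Value -eq $usersSid
        $isAllow = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        # Assumption: the ReadData bit stands in for the "generic read permission" in the relevance.
        $canRead = ([int]$rule.FileSystemRights -band $readData) -ne 0
        if ($isUsers -and $isAllow -and $canRead) { return $true }
    }
    return $false
}

# Same file set the action's icacls command touches: config\*.*
$exposed = @(Get-ChildItem -LiteralPath $configDir -File -Force |
    Where-Object { Test-UsersCanRead -Path $_.FullName })

# Shadow copies taken before the ACL change still carry the old permissions.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

"Files under $configDir readable by BUILTIN\Users: $($exposed.Count)"
$exposed | ForEach-Object { "  $($_.FullName)" }
"Shadow copies still present: $($shadows.Count)"
$shadows | ForEach-Object { "  $($_.ID)  $($_.VolumeName)  created $($_.InstallDate)" }
```

A clean result is a count of 0 on the first line; any shadow copy listed with a creation time earlier than the ACL change should be treated as still exposing the old permissions.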

Action 2

Action Link Click here for vulnerability information from Microsoft
Script Type URL

Action 3

Action Link Click here for information about using VSSAdmin to delete shadow copies
Script Type URL

Action 4

Action Link Click here to review this task in the Content Database.
Script Type URL


wally121 -
This doesn't work for me. I don't get it. All of the relevance works in QNA, but it fails when taking action. Any thoughts?
brolly33 -
Thanks @michaell. Looks like MS added Server 2019 to the list of affected systems, so I updated the relevance to include it.
michaell -
Tested it and it's working just as hoped and expected. Thanks!