News & Notes: July 22, 2021
- Microsoft ACL privilege vulnerability dubbed “#SummerOfSAM”: a permissions fiasco affecting the SAM & SYSTEM hives.
- Dubbed the “Summer of SAM”, CVE-2021-36934 has been issued for incorrect permissions on Windows 10/11 registry hives.
- Bojan Zdrnja (@bojanz) first alerted the public in a post to the ISC (Internet Storm Center) here.
- The issue revolves around the SAM and SYSTEM hives. SAM is the Security Accounts Manager. The SYSTEM account is like ‘root’ in Linux, as it has more privileges than even the administrator.
- SYSTEM users:
- see & do things the admin can’t.
- can stop processes the admin can’t.
- have a higher integrity level than the admin.
- can bypass most policies.
- As Microsoft published in the Knowledge Base here:
- “An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
- “An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”
- Microsoft will update this CVE as their investigation moves forward.
- Current workarounds include restricting access to the contents of system configuration files and deleting VSS (Volume Shadow Copy Service) shadow copies.
- Note: You must restrict access AND delete shadow copies to prevent exploitation of this vulnerability. Also, note that deleting shadow copies could impact restore operations, including the ability to restore data with 3rd-party backup applications.
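To check whether a machine is exposed and whether the workaround above is complete, here is an added audit script (not from the original post or from Microsoft). It assumes Windows 10/11, the standard hive paths under %windir%\System32\config, and an elevated PowerShell session so that vssadmin can enumerate shadow copies.

```powershell
# Added audit script (not from the original post): reports whether the SAM/SYSTEM/SECURITY
# hives are readable by non-administrators and whether VSS shadow copies exist.
# Assumes Windows 10/11, elevated PowerShell, and the standard hive locations.
$hives = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object { Join-Path $env:windir "System32\config\$_" }

# Identities that should never hold read access on the hives.
$nonAdmin = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

foreach ($hive in $hives) {
    # Get-Acl only needs READ_CONTROL, so it works even though the hive file itself is locked.
    $acl = Get-Acl -Path $hive
    $exposed = $acl.Access | Where-Object {
        $nonAdmin -contains $_.IdentityReference.Value -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readData) -ne 0)
    }
    if ($exposed) {
        Write-Host "[!] $hive is readable by:" ($exposed.IdentityReference.Value -join ', ')
    } else {
        Write-Host "[ok] $hive has no non-admin read access"
    }
}

# Shadow copies keep the old (permissive) ACLs, so report whether any exist.
$shadows = vssadmin list shadows 2>&1
if ($shadows -match 'Shadow Copy ID') {
    Write-Host "[!] VSS shadow copies exist; fixing the live ACLs alone does not cover them"
} else {
    Write-Host "[ok] No VSS shadow copies found"
}

# Remediation steps from the KB workaround (run deliberately, not automatically):
#   icacls $env:windir\system32\config\*.* /inheritance:e      # restore inherited ACLs
#   vssadmin delete shadows /for=C: /all                        # removes restore points too
```

Run the deletion step only after confirming a current backup exists, since it removes the restore points noted above.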
- Cisco Releases Security Updates here
Breaking!!! Akamai DNS Global Outage Takes Down Major Websites, Online Services via Bleeping Computer