Microsoft Windows has recently updated, causing a high-risk Security Vulnerability (CVE-2021-36934) with a CVSS score of over 7 on July 23, 2021. This vulnerability is originated from the loose access policy for some system files, such as the Security Accounts Manager (SAM) databases. Users with malicious intent can use this vulnerability to elevate privileges to execute malicious code, view, change and even delete data, or create a new user account with full authority, etc.
From testing, the devices currently affected are mainly Windows 10 and Windows 11, however from the official information released by Microsoft, Windows Server 2019 is also affected. We must pay special attention to this issue, as there is currently no patch for this update that will safeguard against this vulnerability. As a short-term solution, there is an official workaround. For example, you can delete the affected Volume Shadow Copy Service. (Please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934)
Looking at this issue from the perspective of PCI DSS Compliance, the CVSS score of this vulnerability, which is 7.8 in Base Score Metrics, is of high-risk as it is a higher score than 7. This should be patched within 30 days if possible. Otherwise, other safeguard solutions must be found. If the ASV (Approved Scanning Vendor) external vulnerability scan encounters this problem, the vulnerability scan will not pass.
In addition, Windows 10 is commonly used as a springboard in the server room. Because of the Windows springboard, this may be assigned to different personnel. It is also important to pay attention whether there are ordinary users who will use this vulnerability for other purposes such as unauthorized activities.
This begs the question: How can one maintain the integrity of your security and systems with this vulnerability? We at Secure Vectors propose the following suggestions:
- Firstly, restrict access to specific system directories and delete backup copies from the Volume Shadow Copy Service (VSS). The reason for doing this is so that the system cannot be restored through backup/restoration tools. During this period while a patch is being developed, you can prevent the restoration operation from happening.
- Temporarily restrict “non-host management authority (Administrator)” personnel from logging into the host. General user accounts are usually able to access the core configuration files, SAM databases, etc. By doing this, non-host management authority personnel will not be able to access these files and thus your organization can avoid attacks from hackers through elevation of authority.
- Remember to update the scanning database of the internal vulnerability scanning tool to the latest version and perform a scan to check if the current tool can identify the problem.
Bryan Cheng
- Payment Card Industry Security, IT Security Management, Cloud Service Management
- Professional Certification:PCI DSS QSA, CISSP, ISO27001 LA, BS10012 LA, MCSE, MCITP, TUViT Privacy Protection Consultant
Secure Vectors Information Technologies Inc., is a consulting firm specialized in providing payment card related security consulting and assessment services. We provide comprehensive payment card related security consulting and certification services, including PCI DSS, PCI 3DS, PCI PIN Security Standards. Also providing personal data protection, GDPR compliance inspection and other consulting services. Headquartered in California, U.S., and with branch offices in Taiwan (Taipei), China (Beijing and Hunan), Vietnam (Hanoi), and Singapore. With over 70 percent market share in Taiwan and 8 years experiences in PCI compliance, we developed compliance management program and collaborating services to fit every business.
- PCI certification: securevectors.com
- SecuCollab collaborating service: secucollab.com
- SecuCompliance management program: www.secucompliance.com
You might also like
*For more information and inquiries please kindly email us at service@securevectors.com , our experts will answer all your questions as soon as possible.