WTF!? Microsoft has made the SAM database on Windows 10 readable for all users with one of the recent patches?

(Can confirm on my recently-patched Windows systems, icacls shows c:\windows\system32\config\sam as readable for Users, instead of an access error.)

Oh, this now has a CVE:

"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges"
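
The icacls observation above can be turned into a repeatable check. The following is an added example, not part of the original posts: the function name `Test-UsersCanRead` is hypothetical, and matching on the well-known BUILTIN\Users SID is an assumption made so the check does not depend on the display language.

```powershell
# Added example (not from the original posts).
function Test-UsersCanRead {
    param(
        # Default is the file named in the post; pass more paths to check other files.
        [string[]]$Path = @("$env:SystemRoot\System32\config\SAM")
    )

    $usersSid = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users, independent of UI language
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    foreach ($p in $Path) {
        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
        }
        catch {
            # Covers the "access error" case from the post as well as a missing file.
            [pscustomobject]@{ Path = $p; UsersCanRead = $null; Detail = $_.Exception.Message }
            continue
        }

        # Explicit and inherited ACEs, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        # Allow ACEs for BUILTIN\Users that include the right to read file data.
        # Deny ACEs are not evaluated here.
        $hits = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $usersSid -and
            $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow -and
            (([int]$_.FileSystemRights -band $readData) -ne 0)
        })

        [pscustomobject]@{
            Path         = $p
            UsersCanRead = ($hits.Count -gt 0)
            Detail       = ($hits | ForEach-Object { $_.FileSystemRights.ToString() }) -join '; '
        }
    }
}

Test-UsersCanRead | Format-List
```

A result of `UsersCanRead = True` corresponds to the overly permissive ACL quoted above; a null value with an error message in `Detail` means the ACL could not be read at all.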
