CISA says to urgently patch actively exploited SeriousSAM/HiveNightmare flaw affecting Windows 11
The CISA (US Cybersecurity and Infrastructure Security Agency) has published a list of 15 actively exploited software vulnerabilities, encouraging users of Windows and macOS to install the available patches.
Included in the list is the SeriousSAM vulnerability, also known as HiveNightmare, which affects Windows 10 and 11. Tracked as CVE-2021-36934, it is a local privilege escalation vulnerability that makes it possible for an attacker to grab password hashes from the registry and gain admin privileges.
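As an added example that is not from the article, CISA or Microsoft, the following PowerShell script lets an administrator check whether a host is still exposed to CVE-2021-36934 (the root cause is an over-permissive ACL on the registry hive files under %windir%\System32\config, which non-admin users can read directly or from a VSS shadow copy) and, via the hypothetical -Remediate switch, apply the interim workaround Microsoft published in its advisory; it assumes an elevated prompt.

```powershell
# Added example, not from the article or from CISA/Microsoft: a defender-side check for
# CVE-2021-36934 (SeriousSAM / HiveNightmare). The flaw is an over-permissive ACL on the
# registry hive files under %windir%\System32\config, which lets non-admin users read
# them (directly, or from a VSS shadow copy). Run from an elevated PowerShell prompt.
# -Remediate is a hypothetical switch; it applies the workaround Microsoft published
# in its advisory (restore ACL inheritance, delete shadow copies), not the actual patch.
param([switch]$Remediate)

$ConfigDir = Join-Path $env:windir 'System32\config'
$Hives     = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object { Join-Path $ConfigDir $_ }

function Test-HiveReadableByUsers {
    param([string]$Path)
    # Vulnerable state: an Allow ACE for BUILTIN\Users that grants read access to the hive.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq 'BUILTIN\Users' -and
            ($ace.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)) {
            return $true
        }
    }
    return $false
}

$exposed = $Hives | Where-Object { Test-HiveReadableByUsers -Path $_ }
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

foreach ($h in $Hives) {
    $state = if ($exposed -contains $h) { 'EXPOSED' } else { 'ok' }
    Write-Output ("{0,-8} {1}" -f $state, $h)
}
Write-Output ("{0} VSS shadow copies present (old hive copies may still be readable from them)" -f $shadows.Count)

if ($Remediate -and ($exposed -or $shadows.Count -gt 0)) {
    # Restore ACL inheritance on every file in the config directory, then remove the
    # shadow copies that still carry the readable hive copies. Deleting shadow copies
    # also discards System Restore points, so schedule this deliberately.
    icacls "$ConfigDir\*.*" /inheritance:e | Out-Null
    vssadmin delete shadows "/for=$env:SystemDrive" /Quiet | Out-Null
    Write-Output 'Workaround applied; install the Microsoft security update for CVE-2021-36934 to fix the root cause.'
}
```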
While most home users should find that they already have the necessary patches installed to secure their systems against this and the other vulnerabilities, the CISA warning is really aimed at organizations, businesses and enterprise users.
In a post on its website, the security agency says:
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
The full list of vulnerabilities added to the CISA catalog reads:
| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022 |
| CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | 8/10/2022 |
| CVE-2017-9791 | Apache Struts 1 Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2017-8464 | Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-10271 | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0263 | Microsoft Win32k Privilege Escalation Vulnerability | 8/10/2022 |
| CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0145 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0144 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2016-3088 | Apache ActiveMQ Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2015-2051 | D-Link DIR-645 Router Remote Code Execution | 8/10/2022 |
| CVE-2015-1635 | Microsoft HTTP.sys Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2015-1130 | Apple OS X Authentication Bypass Vulnerability | 8/10/2022 |
| CVE-2014-4404 | Apple OS X Heap-Based Buffer Overflow Vulnerability | 8/10/2022 |
CISA adds:
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
More information is available on the CISA website.