Monday, July 19, 2021

Workaround for Windows 10 SeriousSAM vulnerability

This vulnerability can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. Affected systems are all Windows releases since October 2018, starting with Windows 10 1809 and Windows Server 2019.


Restrict access to the contents of %windir%\system32\config:

  1. Open Command Prompt or PowerShell as an administrator.
  2. Run this command:
    • Command Prompt: icacls %windir%\system32\config\*.* /inheritance:e
    • Windows PowerShell: icacls $env:windir\system32\config\*.* /inheritance:e

Then delete the existing Volume Shadow Copies as well, since they still contain copies of these files.
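
To confirm that both steps took effect, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of the original post; the choice of the SAM, SYSTEM and SECURITY hive files and the output property names are assumptions of this example.

```powershell
# Added example: audit a host after applying the workaround. Run elevated.
$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'   # assumption: hive files checked here
$usersSid  = 'S-1-5-32-545'                # well-known SID of BUILTIN\Users
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData

# 1. Any Allow ACE granting BUILTIN\Users read access means the ACL is still weak.
#    Matching on the SID rather than the name keeps this working on localized Windows.
$weakAces = foreach ($hive in $hives) {
    $path  = Join-Path $configDir $hive
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            (($rule.FileSystemRights -band $readData) -eq $readData)) {
            [pscustomobject]@{
                Path      = $path
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# 2. Shadow copies taken before the ACL change still hold the hives with the old ACL.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object ID, VolumeName, InstallDate, DeviceObject)

if ($weakAces) {
    Write-Warning 'BUILTIN\Users can still read hive files; re-run the icacls command.'
    $weakAces | Format-Table -AutoSize
} else {
    Write-Output 'ACL check passed: BUILTIN\Users has no read access to the hive files.'
}

if ($shadows.Count -gt 0) {
    Write-Warning "$($shadows.Count) shadow copy(ies) remain; delete those created before the fix."
    $shadows | Sort-Object InstallDate | Format-Table -AutoSize
} else {
    Write-Output 'No Volume Shadow Copies present.'
}
```

A host is only fully remediated when the ACL check passes and no shadow copy with an InstallDate earlier than the ACL change remains.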