Security flaw in Windows 10 and Windows 11
Microsoft has confirmed just a few hours ago of a new security flaw that affects all versions of its operating system Windows 10 released since 1809 (that is, it affects 1809, 1903, 1909, 2004, 20H2 and 21H1). In addition, it is a fault that was also found present in the latest builds of Windows 11.
This vulnerability, registered as CVE-2021-36934, allows any user, without administrator permissions, to access the critical files of the SAM, SYSTEM and SECURITY system. In this way, any user could get the highest level of privileges within the operating system: SYSTEM.
The files in question affected by this vulnerability are found in C: / Windows / System32 / config.
Once the attacker managed to exploit the vulnerability in a system, he could be able to execute random code in memory. In this way you could install programs, view, change or delete installed programs, and even create new users with administrative permissions.
At the moment there is no solution available to protect us from this serious security breach. Microsoft is already studying the vulnerability and will release a patch, surely, with the new Windows security patches, on August 10. Meanwhile, they recommend limit access to these files and delete the Volume Shadow Copies that may have been created from them.
As if that weren’t enough, Windows is still vulnerable to the Print Spooler failure. Security is not being the protagonist this 2021 within the Microsoft ecosystem.
Sequoia: the Linux security flaw similar to Windows
Interestingly, at the same time, Linux has been affected by a security flaw much like Windows. This vulnerability has been around for longer than Windows, since 2014, and can allow any hacker or malware to gain ROOT privileges on the system.
This new vulnerability has been baptized as Sequoia and has been registered as CVE-2021-33909. Vulnerability affects the default installation of the main distributions of the market, such as Ubuntu (from 20.04 to 21.04), Debian 11, Fedora 34 and even Red Hat Enterprise Linux 6, 7 and 8. Being a bug that has been present in the Linux kernel since 2014, many old versions of the distros , which are not supported, will also be affected.
The same researchers who have found this vulnerability have registered another one for Linux, CVE-2021-33910. This time it is a denial of service failure that can block any program or service, and even cause a Kernel Panic, in systems.
Those responsible for the main distros on the market are already working to launch a patch that protects users as soon as possible. However, at the moment we do not know when it will be available. It should not take long, and updating the Kernel to this new version our Linux system should be secured again.