HiveNightmare/SeriousSAM Exploit Info

So you thought we’d get out of July without another zero-day exploit? Think again. You may have seen some articles about HiveNightmare, also known as SeriousSAM. The problem with this exploit is that a malicious actor who can already access an account with only limited local user privileges could potentially read the stored password hashes and, relatively easily, use them to elevate their privileges to admin. Once they had admin rights, they’d have the keys to the IT kingdom.

Microsoft confirmed the vulnerability as CVE-2021-36934 on July 20 and is actively working on a fix. Suite3 is monitoring communications from Microsoft in this regard and will apply the applicable updates as soon as they are released. In addition, Suite3 is working with the vendors in our security stack on ways to monitor and alert on potential exploitation of this vulnerability, as well as ways to use workarounds that limit potential use of this vulnerability in the interim.
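For readers who want to check their own machines while waiting for the patch, here is an added example (our illustration, not code from Suite3 or Microsoft) that tests for the condition behind CVE-2021-36934: an over-permissive ACL on the SAM, SYSTEM and SECURITY hive files under %windir%\System32\config that lets members of BUILTIN\Users read them, combined with VSS shadow copies that provide unlocked copies of those files. It assumes the default Windows paths and is run from an elevated PowerShell prompt; the broader principal list (Everyone, Authenticated Users) is our addition to catch equivalent exposures.

```powershell
# Added example: report whether this host shows the CVE-2021-36934 condition.
# Assumes default hive locations under %windir%\System32\config.
# Run from an elevated PowerShell prompt.

$hives = 'SAM', 'SYSTEM', 'SECURITY' |
    ForEach-Object { Join-Path $env:windir "System32\config\$_" }

# Principals that should never hold read access on the registry hive files.
$broadPrincipals = '^(BUILTIN\\Users|Everyone|NT AUTHORITY\\Authenticated Users)$'
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData

$exposed = foreach ($hive in $hives) {
    # Get-Acl reads the security descriptor only, so it works even though the
    # live hive files are locked by the OS.
    $acl = Get-Acl -Path $hive
    $weak = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.ToString() -match $broadPrincipals) -and
        $_.FileSystemRights.HasFlag($readData)
    }
    if ($weak) {
        [pscustomobject]@{
            Hive      = $hive
            Principal = ($weak.IdentityReference | ForEach-Object { $_.ToString() }) -join ', '
        }
    }
}

# Shadow copies are what make the weak ACL usable on a running system, so count
# them to prioritise the finding (none present = exposure is far less practical).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($exposed) {
    Write-Warning "Over-permissive hive ACLs found on $($env:COMPUTERNAME):"
    $exposed | Format-Table -AutoSize
    Write-Warning "VSS shadow copies present: $($shadows.Count)"
} else {
    Write-Output "No broad read access on SAM/SYSTEM/SECURITY; $($shadows.Count) shadow copies present."
}
```

If the script reports exposed hives, Microsoft's published interim workaround is to restore restrictive inheritance on the config directory (`icacls %windir%\system32\config\*.* /inheritance:e`) and delete existing VSS shadow copies, bearing in mind that deleting shadow copies also removes system restore points.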

We will update this blog with relevant information as it becomes available.

Last update: Monday July 26, 5:27pm