On Monday, security researcher Jonas Lykkegaard revealed on Twitter that he may have found a serious vulnerability on Windows 11. At first, he thought he was looking…
A hot potato: Just as Microsoft is battling five different security flaws affecting the Windows print spooler, security researchers found the company’s next nightmare — a permissions flaw dubbed HiveNightmare a.k.a SeriousSAM. The new vulnerability is less easily exploited, but a motivated attacker can use it to get the maximum level of access privileges possible in Windows and steal data and passwords. On Monday, security researcher Jonas Lykkegaard revealed on Twitter that he may have found a serious vulnerability on Windows 11. At first, he thought he was looking at a software regression in an Insider build of Windows 11, but he noticed the contents of a database file associated with the Windows Registry were accessible to regular users without elevated privileges. Specifically, Jonas found that he could read the contents of the Security Account Manager (SAM) which holds the hashed passwords for all users on a WIndows PC, as well as that of other Registry databases.
