Jonas Lyk

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 1809 through 21H1 **Description** An elevation of privilege vulnerability exists due to overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. This allows an attacker to run arbitrary code with SYSTEM privileges, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The attacker must have the ability to execute code on a victim system to exploit this vulnerability. It is estimated that all versions of Windows 10 released in the last 2.5 years are affected. **Recommendations** For Microsoft Windows versions 1809 through 21H1: Manually delete all shadow copies of system files, including the SAM database, after installing the security update to fully mitigate this vulnerability. Restrict access to the contents of %windir%system32config and delete all system restore points and shadow volumes that existed before access restrictions were put in place. As a temporary workaround, consider restricting access to the vulnerable system files until a patch is available.