Windows Elevation of Privilege Vulnerability (SeriousSAM)

VertigoRay/CVE-2021-36934

CVE described on MSRC. Remediated using ECM (aka SCCM) Config Items:

  • See the Remediation and Discovery scripts in the repo.
  • Config Item does a boolean $false check for compliance.

Remediation

In production, we found the need to purge copies other than ClientAccessible ones; we've seen Backup and DataVolumeRollback types that couldn't be deleted. Unfortunately, vssadmin clearly states that "only shadow copies that have the ClientAccessible type can be deleted." In order to purge them anyway, we needed to shrink the size of the storage down to the smallest amount allowed (320MB); this will cause Windows to purge the oversized shadow copy. We then bring it back to a normal/unbounded size.
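The shrink-then-restore sequence described above, as an added sketch that is not the repo's own Remediation script. It assumes the system volume is `C:` and an elevated session; the function names `Get-ShadowCopyCount` and `Invoke-VssAdmin` are hypothetical helpers.

```powershell
#Requires -RunAsAdministrator
# Added example, not the repository's script. $Volume and helper names are assumptions.
param([string] $Volume = 'C:')

function Get-ShadowCopyCount {
    # Win32_ShadowCopy.VolumeName holds the source volume's device ID
    # (\\?\Volume{guid}\), so resolve the drive letter to that form first.
    $deviceId = (Get-CimInstance Win32_Volume -Filter "DriveLetter='$Volume'").DeviceID
    @(Get-CimInstance Win32_ShadowCopy | Where-Object VolumeName -eq $deviceId).Count
}

function Invoke-VssAdmin {
    param([string[]] $Arguments)
    $output = & vssadmin.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "vssadmin $($Arguments -join ' ') failed: $output"
    }
    $output
}

if ((Get-ShadowCopyCount) -eq 0) {
    Write-Output "No shadow copies on $Volume; nothing to purge."
    return
}

# Step 1: ordinary delete. This only removes ClientAccessible copies, and a
# non-zero exit here is expected when none of that type exist, so it is not fatal.
& vssadmin.exe delete shadows "/for=$Volume" /all /quiet | Out-Null

# Step 2: for whatever is left (e.g. Backup, DataVolumeRollback), shrink the
# shadow storage to the 320MB minimum so Windows purges the oversized copies.
if ((Get-ShadowCopyCount) -gt 0) {
    $target = "/For=$Volume", "/On=$Volume"
    try {
        Invoke-VssAdmin (@('resize', 'shadowstorage') + $target + '/MaxSize=320MB') | Out-Null
    }
    finally {
        # Step 3: always restore the unbounded size, even if the shrink failed,
        # so the volume is not left with a 320MB cap.
        Invoke-VssAdmin (@('resize', 'shadowstorage') + $target + '/MaxSize=UNBOUNDED') | Out-Null
    }
}

# Report what remains so a caller can compare against its compliance rule.
$remaining = Get-ShadowCopyCount
Write-Output "Shadow copies remaining on ${Volume}: $remaining"
```

A copy smaller than 320MB can survive the shrink, so check the reported count rather than assuming the purge succeeded.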
