Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping.
As if one Windows Nightmare dogging all our printers were not enough…
…here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry.
Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM.
The moniker HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files, known in Microsoft jargon as hives or hive files.
These hive files include a trio called SAM, SECURITY and SYSTEM, which between them include secret data including passwords and security tokens that regular users aren’t supposed to be able to access.
They’re kept in a special, and supposedly secure, folder under the Windows directory called C:\Windows\System32\config, as you see here:
C:\Windows\System32\config> dir [. . .] Directory of C:\Windows\System32\config [. . .] 21/07/2021 12:57 524,288 BBI 25/06/2021 06:21 28,672 BCD-Template 21/07/2021 14:45 32,768,000 COMPONENTS 21/07/2021 12:57 786,432 DEFAULT 21/07/2021 12:32 4,194,304 DRIVERS [. . .] 21/07/2021 12:57 65,536 SAM <--some system secrets included 21/07/2021 12:57 32,768 SECURITY <--some system secrets included 21/07/2021 12:57 87,556,096 SOFTWARE 21/07/2021 12:57 11,272,192 SYSTEM <--some system secrets included [. . .] The moniker SeriousSAM comes from the filenameSAM, which is short for Security Account Manager, a name that sounds as serious as the file’s content’s are.
