CVE-2021-36934 Windows Elevation of Privilege Vulnerability

Cr00zng · 21 Jul 2021

System restore is disabled on my systems:

CVE-2021-36934 Windows Elevation of Privilege Vulnerability-vss_shadow.png

Running the MS recommended script as workaround for this vulnerability results in an error:

CVE-2021-36934 Windows Elevation of Privilege Vulnerability-icalcs.png

Any reason why this error showing up on my system?

TIA...

wyldman68 · 21 Jul 2021

When I try to access \%windir%\system32\config folder I am asked to give Admin permission to access this folder. That is why the command fails. I am going to leave the folder alone, my guess is someone has changed the perms on that folder and thinks there is an issue. But could be, because you are running VSS. I am not running VSS.

Cr00zng · 21 Jul 2021

wyldman68 said:

When I try to access \%windir%\system32\config folder I am asked to give Admin permission to access this folder. That is why the command fails. I am going to leave the folder alone, my guess is someone has changed the perms on that folder and thinks there is an issue. But could be, because you are running VSS. I am not running VSS.

Yes, both the command line and PowerShell had admin access. Just to be certain, logged out and logged in as an admin, but it did not make a difference. The error message states, that the file is not found.

The VSS service isn't running either; maybe the syntax is incorrect?

crad · 21 Jul 2021

In PowerShell try running this command "icacls $env:windir\system32\config\*.* /inheritance:e"
Variables in PowerShell work differently than in a cmd line.

0hwell · 23 Jul 2021

you have to run both the Command Prompt and PowerShell in administrator mode. For Command Prompt go to the start menu, windows system folder and right-click on the Command Prompt chose more than run as administrator.