1. Computing

HiveNightmare is a nasty new Windows bug. Here’s how to protect yourself

By

A new bug called ‘HiveNightmare’ reportedly lets anyone with local or remote access to your PC take it over. This is a fairly new and serious flaw in the latest versions of Windows 10, as well as in Windows 11, which is still being tested in the Windows Insiders program.

Using malware, the hacker can gain complete access to your PC without needing an administrative password. The bug originates from an alleged change in the recent versions of Windows 10 and 11 that grants unauthorized users the privilege to access the Security Account Manager (SAM). The SAM is a database that contains both usernames and passwords for local accounts on the operating system.

Unauthorized users can access a backed-up version of the SAM in a shadow copy that Windows systems create. A shadow copy is a backup, hidden on the main drive, of a Windows system’s most important files. Your system creates a shadow copy each time it installs a system update or upgrade. So, malware that gets onto a PC via a dodgy-looking email, phishing software, or a malicious web link would be able to locate the SAM file in the shadow copy. Consequently, the user’s password hashes are easily accessible and a hacker will most probably be able to crack the hashes and take over the user’s PC.

Microsoft has already looked into the issue and has warned its users. The company provided a statement to Toms Guide, saying, “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft promises future “mitigations and workarounds” as its investigation progresses.

Along with promising workarounds, the company has suggested a few ways to keep your PC safe right now. These ways include restricting access to the file directory to the SAM, or deleting your shadow copy of Windows. However, the second way could be a pain if you ever need to restore Windows.

Other preemptive measures that you can take include avoiding spammy emails, installing a reliable antivirus, and restricting physical access to your PC by people you don’t trust.

Editors' Recommendations

The best home security cameras for 2021

What is YouTube TV? Here’s everything you need to know

YouTube TV on Roku TV

Best free antivirus software for 2021

best free antivirus

Even the Surface Laptop Studio doesn’t come with a hardware TPM chip

Internals of Surface Laptop Studio.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Microsoft Surface Duo 2: Everything you need to know

The Microsoft Surface Duo 2 has a triple camera setup.

Fantastic Beasts 3 now has an official title and 2022 release date

Jude Law and Eddie Redmayne in Fantastic Beasts: The Crimes of Grindelwald.

How to pre-order the Microsoft Surface Duo 2

Microsoft Surface Duo 2 feat image.

Fortnite vs. Warzone: Which battle royale should you play?

Characters posing for picture in Warzone.

How to save your weapons and gear in Deathloop

Deathloop styled image.

Microsoft announced the Surface Pro 8 today, so the Surface Pro 7 is super cheap

A close-up of someone using the Microsoft Surface pro 7 in tablet mode.

Sable has the best sound design you’ll hear in a game this year

Sable drives across the desert in a glider.

Midnight Mass review: Haunting series’ follow-up is a holy terror

Hamish Linklater as Father Paul in Midnight Mass.