Skip to main content
  1. Home
  2. Computing

HiveNightmare is a nasty new Windows bug. Here’s how to protect yourself

By

A new bug called ‘HiveNightmare’ reportedly lets anyone with local or remote access to your PC take it over. This is a fairly new and serious flaw in the latest versions of Windows 10, as well as in Windows 11, which is still being tested in the Windows Insiders program.

Using malware, the hacker can gain complete access to your PC without needing an administrative password. The bug originates from an alleged change in the recent versions of Windows 10 and 11 that grants unauthorized users the privilege to access the Security Account Manager (SAM). The SAM is a database that contains both usernames and passwords for local accounts on the operating system.

Recommended Videos

Unauthorized users can access a backed-up version of the SAM in a shadow copy that Windows systems create. A shadow copy is a backup, hidden on the main drive, of a Windows system’s most important files. Your system creates a shadow copy each time it installs a system update or upgrade. So, malware that gets onto a PC via a dodgy-looking email, phishing software, or a malicious web link would be able to locate the SAM file in the shadow copy. Consequently, the user’s password hashes are easily accessible and a hacker will most probably be able to crack the hashes and take over the user’s PC.

Related

Microsoft has already looked into the issue and has warned its users. The company provided a statement to Toms Guide, saying, “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft promises future “mitigations and workarounds” as its investigation progresses.

Along with promising workarounds, the company has suggested a few ways to keep your PC safe right now. These ways include restricting access to the file directory to the SAM, or deleting your shadow copy of Windows. However, the second way could be a pain if you ever need to restore Windows.

Other preemptive measures that you can take include avoiding spammy emails, installing a reliable antivirus, and restricting physical access to your PC by people you don’t trust.

Editors' Recommendations

Topics
Dua Rashid
Dua Rashid
Former Digital Trends Contributor
Dua is a media studies graduate student at The New School. She has been hooked on technology since she was a kid and used to…
Windows 11 has been causing problems with Intel graphics for months, and no one said a word
Microsoft has released a new Windows 11 feature that makes the OS photos app compatible with Apple's iClould.

If you're using Intel integrated graphics and you've been having some issues with DirectX apps, we may know the reason why -- outdated drivers paired with a recent Windows update.

According to Microsoft, a Windows 11 update may have caused some errors in Intel graphics. The update is not recent at all, so even if you haven't updated in the last few weeks, you may be affected.

Read more
Windows 11 vs. Windows 10: finally time to upgrade?
The screen of the Surface Pro 9.

Windows 11 is the newest version of Windows, and it's one of the best Windows versions released. Under the hood, though, it's very similar to Windows 10. We've compared Windows 11 and Windows 10 point for point in order to answer one question: Should you upgrade to the latest Windows OS?

We'll run down the biggest differences between Windows 11 and Windows 10, including how the Windows 11 2H22 Update changes things. Before diving in, keep in mind that Microsoft no longer sells new Windows 10 licenses. If you're upgrading from an older version of Windows, you'll need to go straight to Windows 11.
Windows 11 vs. Windows 10: what's new

Read more
Hacker ranks explode — here’s how you can protect yourself
padlock on keyboard

The number of people that have hacking skills has exploded recently but it's still possible to protect yourself against almost all attacks, according to Microsoft's latest Digital Defense Report.

Microsoft has among the most complete collections of cybersecurity data compiled from Windows computers around the world and has analyzed that information to uncover some interesting insights for 2022. Something immediately obvious from the report is the threat from phishing attacks and ransomware is growing rapidly and at the same time becoming more sophisticated but you can still protect yourself.

Read more