AdithyanT
McAfee Employee
Message 11 of 22

Re: Detection of hivenightmare aka serioussam

Hi @Nielsb, @Former Member, @Daveb3d, @bodysoda, @Former Member,

Thank you for the post and responses. If this "hivenightmare" corresponds to CVE-2021-36934, we expect this to be covered by Exploit Prevention on ENS via Signature 6143.

Thanks and regards,
Adithyan T
Nielsb
Reliable Contributor
Message 12 of 22

Hi AdithyanT,

You're welcome!

And I have one open question for McAfee labs regarding the protection of SYSTEM & SECURITY.

Do you have SNS notification or KB article for all the customers?

 

AdithyanT
McAfee Employee
Message 13 of 22

Hi @Nielsb,

Thank you for your response. By System and Security, may I know if you are referring to best practice KBAs? May I request you to kindly elaborate further on the requirement for my understanding?

Thanks and regards,
Adithyan T
Nielsb
Reliable Contributor
Message 14 of 22

See the link below for more info,

Read access on Windows SAM and also SYSTEM/SECURITY

https://threadreaderapp.com/thread/1417467063883476992.html

The test for vulnerable systems:

icacls C:\Windows\System32\config\sam

icacls C:\Windows\System32\config\system

icacls C:\Windows\System32\config\security

Re: Detection of hivenightmare aka serioussam

That signature doesn't stop it. 

AdithyanT
McAfee Employee
Message 16 of 22

Hi @Daveb3d,

Thank you for your response. May I know if it would be possible for you to open a Service Request with us to investigate on the same? We would like to know if you can submit your sample/POC for our investigation via the same.

Thanks and regards,
Adithyan T
AdithyanT
McAfee Employee
Message 17 of 22

Hi @Daveb3d,

Thank you for highlighting this. We identified the problem you are referring to. Kindly please bear with us while we are working with our Labs team to get this addressed.

Thanks and regards,
Adithyan T

Re: Detection of hivenightmare aka serioussam

No rush... I kinda already addressed it above.  😉

bodysoda
Reliable Contributor
Message 19 of 22

ETA when the signature will be available? 

AdithyanT
McAfee Employee
Message 20 of 22

Hi @bodysoda, @Nielsb, @Daveb3d, @Former Member, @Former Member,

Thank you for your kind time and patience with us. The resolution is via Exploit rule just like @Daveb3d's solution here. Please find this published KBA for your kind perusal:

McAfee coverage for July 2021 CVE-2021-36934 "HiveNightmare/SeriousSAM" vulnerability

Thanks and regards,
Adithyan T
