Bitdefender Requirement Important

Please read your Security Alerts:

Deployments have reached Customer’s maximum license limit:

Notification Details:

The Customer company XYZ FD has reached the maximum number of endpoints protected by the license key (Company Key).
To protect more endpoints for this company, you should extend its service subscription or add more licenses.
Otherwise your endpoints will not be protected and are subject to malware

Windows Privilege Escalation Vuln Puts Admin Passwords At Risk

July 21 2021

Microsoft has issued a temporary workaround for systems vulnerable to CVE-2021-36934, also known as “HiveNightmare” and “SeriousSAM.”

Microsoft has issued a temporary workaround for a privilege escalation vulnerability that could expose administrator passwords to non-admin users.

CVE-2021-36934, also called “HiveNightmare” and “SeriousSAM,” appears to have been first detected by security researcher Jonas Lykkegaard, Forbes reports. Lykkegaard noticed the Security Account Manager (SAM) file had become read-enabled for all users, meaning an attacker with non-admin privileges could access hashed passwords and elevate privileges.

Lykkegaard and other security researchers found the issue affected the Windows 11 preview as well as Windows 10. Microsoft has confirmed the problem affects Windows 10 version 1809 and newer operating systems and has provided workarounds for systems affected by the flaw.

“An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” the company wrote in its CVE.

An attacker who successfully exploited the flaw could run arbitrary code with system privileges and then install programs; view, change, or delete data; or create new accounts with full user rights. They also have the ability to execute code on a target system to exploit the bug. So far Microsoft has not detected exploits in the wild, though it notes exploitation is “more likely.”

Microsoft has stated it will update the CVE as its investigation continues.
Article: Dark Reading

Windows Print Spooler Remote Code Execution Vulnerability

MspPortal Reported the issue on 7-7-2021

For PrintNightmare we currently have the following detections live:
Exploit.RPRN.CVE-2021-1675.PrintNightmare — from our NAD module (I know the CVE in the name differs, but it still detects the attack)
Alert.RPRN.AddPrinterDriver — from our EDR module
We are also working on detection from our behavioral engine. However, that will take a bit more time as it requires extensive testing but will be available soon.

 

Solution 7-12 Bitdefender Solved the issue

Bitdefender technologies will now protect against this vulnerability.