Hi,
I am reaching out here on behalf of a customer. It is about the vulnerability CVE-2021-36934 (“Hive Nightmare”), where Microsoft recommends limiting access to \system32\config.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
Microsoft states there that their workaround can impact third-party backup solutions. That’s why the question came up whether, if the workaround is applied, this could have an impact on VM and File System backups, and how.
This is the workaround:
Restrict access to the contents of %windir%\system32\config
- Command Prompt (Run as administrator): icacls %windir%\system32\config\*.* /inheritance:e
- Windows PowerShell (Run as administrator): icacls $env:windir\system32\config\*.* /inheritance:e
Delete Volume Shadow Copy Service (VSS) shadow copies
- Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
- Create a new System Restore point (if desired).
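
An added example, not part of the original post or of Microsoft's advisory: a PowerShell check that BUILTIN\Users no longer has read access to the SAM, SYSTEM and SECURITY hives, followed by an inventory of the shadow copies that predate the ACL change. The `$AclFixedAt` value is a constructed placeholder to be replaced with the time the icacls command was actually run.

```powershell
# Added example: audit a host after the CVE-2021-36934 workaround. Run elevated.
# $AclFixedAt is a constructed placeholder: set it to when the icacls command was run.
$AclFixedAt = Get-Date '2021-07-22 09:00'

$configDir = Join-Path $env:windir 'System32\config'
# BUILTIN\Users by well-known SID, so the check also works on localized Windows.
$usersSid = 'S-1-5-32-545'
$sidType = [System.Security.Principal.SecurityIdentifier]
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# 1. Confirm BUILTIN\Users no longer holds an allow ACE granting read on the hives.
$aclReport = foreach ($hive in 'SAM', 'SYSTEM', 'SECURITY') {
    $acl = Get-Acl -LiteralPath (Join-Path $configDir $hive)
    $allow = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $usersSid -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $readData)
    }
    [pscustomobject]@{ Hive = $hive; UsersCanRead = [bool]$allow }
}
$aclReport | Format-Table -AutoSize

# 2. List shadow copies taken before the ACL change. They still carry the old
#    permissions and are the ones the workaround says to delete.
$stale = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.InstallDate -lt $AclFixedAt } |
    Select-Object ID, VolumeName, InstallDate
if ($stale) {
    $stale | Format-Table -AutoSize
} else {
    'No shadow copies older than the ACL change were found.'
}
```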