There is a new bug called HiveNightmare that allows anyone with local or remote access to your computer and seize it, and this is a new and somewhat serious flaw in the latest versions of Windows 10, as well as in Windows 11, which is still being tested in the Windows Insiders Program.
Using malware, a hacker can gain full access to a person’s computer without the need for an administrative password, the site added, and the error arose from an alleged change in recent versions of Windows 10 and 11 that grants unauthorized users the privilege to access Security Account Manager. (SAM), SAM is a database that contains both user names and passwords for local accounts on the operating system.
Also, unauthorized users can access a SAM backup in a backup that Windows creates. A backup is a backup, hidden on your main drive, of the most important Windows system files, and your system creates a backup copy each time it installs an update. Or a system upgrade, malware that accesses a computer via your email, phishing program, or malicious web link can locate the SAM file in the backup, so user password hashes can be easily accessed, and the hacker is likely to be able to crack the hash and take over on the user's computer.
The site stated that Microsoft has already looked into the issue and warned its users. The company provided a statement to Toms Guide, saying, An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Microsoft promises future mitigations and solutions as the investigation progresses.
Besides promising solutions, the company has suggested several ways to keep your computer safe for now, and these methods include restricting file directory access to SAM or deleting your Windows backup. However, the second method can be painful if you ever need to restore Windows.
Other precautions you can take include avoiding spam emails, installing a reliable antivirus, and restricting physical access to your computer by people you don't trust.