Thanks to Brock & Joran for their info on how to scan for and mitigate the issue with SeriousSAM, I was able to quickly deal with the situation in our environment. I am curious about what others have observed regarding this. In my environment, there are around 260 machines currently active. Out of those, 42 of the machines do not appear to have the vulnerability, ie the permissions on the system32 folder were already correct. These 42 machines are mostly Windows 10 21H1 builds with a smattering of 20h2 and a 1909 or two. Just wondering if anyone else is seeing machines that dont appear to be affected by the vulnerability and if anyone has any insight on why this would be so?