Zero-Day Bug in All Windows Versions Gets Free Unofficial Patch
upstart writes:
Zero-day bug in all Windows versions gets free unofficial patch:
A free and unofficial patch is now available for a zero-day local privilege escalation [(LPE)] vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions.
The bug, tracked as CVE-2021-34484, was incompletely patched by Microsoft during the August Patch Tuesday. The company only addressed the impact of the proof-of-concept (PoC) provided by security researcher Abdelhamid Naceri who reported the issue.
Naceri later discovered that threat actors could still bypass the Microsoft patch to elevate privileges to gain SYSTEM privileges if certain conditions are met, getting an elevated command prompt while the User Account Control (UAC) prompt is displayed.
CERT/CC vulnerability analyst Will Dormann tested the CVE-2021-34484 bypass PoC exploit and found that, while it worked, it would not always create the elevated command prompt. However, in BleepingComputer's tests, it launched an elevated command prompt immediately, as shown below.
Luckily, the exploit requires attackers to know and log in with other users' credentials for exploiting the vulnerability, which means that it will likely not be as widely abused as other LPE bugs (including PrintNightmare).
The bad news is that it impacts all Windows versions, including Windows 10, Windows 11, and Windows Server 2022, even if fully patched.
[...] While Microsoft is still working on a security update to address this zero-day flaw, the 0patch micropatching service has released Thursday a free unofficial patch (known as a micropatch).
Read more of this story at SoylentNews.