A group of researchers has released unofficial security patches to address a zero-day vulnerability of local privilege escalation on Windows 10 systems versions 1809 and later. According to reports, this error resides in the “Access to work or school” configuration, and allows evading a patch implemented by the company to address the flaw tracked as CVE-2021-24084.
Researcher Abdelhamid Naceri, who initially reported this flaw, also reported that the bug had been poorly addressed, so CVE-2021-24084 could still be exploited to gain administrator privileges via local access.
In this regard, specialist Mitja Kolsec mentioned: “It is known that an arbitrary file disclosure can lead to local privilege escalation if a specific method is used.” Using the exploit shared by Abdelhamid, the expert and his team were able to execute code with administrator privileges.
Although the vulnerability has been identified by multiple researchers and Microsoft, the company has not corrected the bug, which would allow vulnerable systems to be exposed even though they have the latest updates. Windows systems can only be targeted by this attack if the following conditions are true:
- System protection must be enabled on drive C and at least one restore point must be created. This specific condition could depend on multiple scenarios
- At least one local administrator account must be enabled on the target system
As mentioned above, Microsoft has not issued official security patches, so micropatch service 0patch released a set of unofficial updates for all versions of Windows 10 exposed to this flaw, including:
- Windows 10 v21H1 (32-bit and 64-bit)
- Windows 10 v20H2 (32-bit and 64-bit)
- Windows 10 v2004 (32-bit and 64-bit)
- Windows 10 v1909 (32-bit and 64-bit)
- Windows 10 v1903 (32-bit and 64-bit)
- Windows 10 v1809 (32-bit and 64-bit)
This is the second time that an unofficial patch has been issued to address a zero-day flaw in Windows, as a couple of weeks ago Naceri himself discovered that the CVE-2021-34484 flaw could be exploited to gain elevated privileges on all versions of Windows systems.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.