Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds
Apple sues spyware-maker NSO Group, notifies iOS exploit targets
Germany to force ISPs to give discounts for slow Internet speeds
Microsoft Defender for Endpoint fails to start on Windows Server
Get unlimited access to 210 top Mac apps for $42 this Black Friday
The Best Cyber Monday 2021 Security, IT, VPN, & Antivirus Deals
New Windows 10 zero-day gives admin rights, gets unofficial patch
Dual screen monitors for your laptop are on sale this Black Friday
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
New Windows 10 MDM privesc zero-day gets a free micropatch
Free unofficial patches have been released to protect Windows users from a local privilege escalation (LPE) zero-day vulnerability in the Mobile Device Management Service impacting Windows 10, version 1809 and later.
The security flaw resides under the “Access work or school” settings, and it bypasses a patch released by Microsoft in February to address an information disclosure bug tracked as CVE-2021-24084.
However, security researcher Abdelhamid Naceri (who also reported the initial vulnerability) discovered this month that the incompletely patched flaw could also be exploited to gain admin privileges after publicly disclosing the newly spotted bug in June. 
“Namely, as HiveNightmare/SeriousSAM has taught us, an arbitrary file disclosure can be upgraded to local privilege escalation if you know which files to take and what to do with them,” 0patch co-founder Mitja Kolsek explained today.
“We confirmed this by using the procedure described in this blog post by Raj Chandel in conjunction with Abdelhamid’s bug – and being able to run code as local administrator.”
While Microsoft has most likely also noticed Naceri’s June disclosure, the company is yet to patch this LPE bug, exposing Windows 10 systems with the latest November 2021 security updates to attacks.
Luckily, attackers can only exploit the vulnerability if two very specific conditions are met:
Until Microsoft releases security updates to address this security issue (likely during next month’s Patch Tuesday), the 0patch micropatching service has released free and unofficial patches for all affected Windows 10 versions (Windows 10 21H2 is also impacted but is not yet supported by 0patch):
“Windows Servers are not affected, as the vulnerable functionality does not exist there. While some similar diagnostics tools exist on servers, they are being executed under the launching user’s identity, and therefore cannot be exploited,” Kolsek added.
“Windows 10 v1803 and older Windows 10 versions don’t seem to be affected either. While they do have the ‘Access work or school’ functionality, it behaves differently and cannot be exploited this way. Windows 7 does not have the ‘Access work or school’ functionality at all.”
We’d like to thank Abdelhamid Naceri (@KLINIX5) for finding this issue and sharing details, which allowed us to create a micropatch and protect our users.
To install the unofficial patch on your system, you will need to register a 0patch account and install the 0patch agent.
Once you launch the agent on your device, the patch will be applied automatically (if there are no custom patching enterprise policies enabled to block it) without requiring a restart.
This is the second Windows zero-day that received a micropatch this month after Naceri found that patches for another bug (CVE-2021-34484) in the Windows User Profile Service could be bypassed to escalate privileges on all Windows versions, even if fully patched.
Microsoft also needs to patch a third zero-day bug in the Microsoft Windows Installer with a proof-of-concept (PoC) exploit released by Naceri over the weekend.
If successfully exploited, the zero-day allows attackers to gain SYSTEM privileges on up-to-date devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.
Malware creators have since started testing the PoC exploit in low volume attacks likely focused on testing and tweaking it for future full-blown campaigns.
Zero-day bug in all Windows versions gets free unofficial patch
Malware now trying to exploit new Windows Installer zero-day
Chinese hackers use Windows zero-day to attack defense, IT firms
New Windows zero-day with public exploit lets you become an admin
All Windows versions impacted by new LPE zero-day vulnerability
Not a member yet? Register Now
IKEA email systems hit by ongoing cyberattack
TrickBot phishing checks screen resolution to evade researchers
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Google Chrome 96 breaks Twitter, Discord, video rendering and more

Windows 10 21H2 is released, here are the new featuresNew Rowhammer technique…

The Week in Ransomware – December 3rd 2021 – Seizing Bitcoin

FBI: Cuba ransomware breached 49 US critical infrastructure orgsResearchers discover 14 new…

Here are the new Emotet spam campaigns hitting mailboxes worldwide

Windows 10 21H2 is released, here are the new featuresNew Rowhammer technique…

Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…