[German]In all Windows versions, including Windows 11 and Windows Server 2022, there is an unpatched Local Privilege Escalation vulnerability. This should have been patched since August 2021, but the security update in question did not close the vulnerability completely. Fortunately, the damage is limited, as exploitability is not very easy.
Windows vulnerability CVE-2021-34484
In August 2021, Microsoft published security advisory CVE-2021-34484 on a vulnerability in Windows User Profile Service. This vulnerability allows Local Privilege Escalation (LPE). However, details of the vulnerability reported by Abdelhamid Naceri (halov) – works for the Trend Micro Zero Day Initiative – were not provided. At the same time, Microsoft has patched the vulnerabilities in the still-supported Windows versions via the August 2021 security updates.
Security researcher Abdelhamid Naceri then looked into the matter after installing the security update and found that it did not fully close the LPE vulnerability. It was possible for him to bypass the security mechanism introduced by the Microsoft patch. Naceri points out the issue in the following tweet.
He described the details on GitHub and also submitted a proof of concept (PoC). With the 0-day PoC, he can achieve SYSTEM permissions under certain conditions. Security researcher Will Dormann writes in a tweet that the PoC works.
However, to exploit this PoC, an attacker would need to know a user's credentials. Therefore, the exploitability of the vulnerability should be low. The colleagues from Bleeping Computer have compiled some more information on the topic in this article.
Cookies helps to fund this blog: Cookie settings