The ACROS Security team around founder Mitja Kolsek has just developed a micro-patch to close a User Profile Service Privilege Escalation vulnerability (CVE-2021-34484) of Windows 10 and Windows Server 2019. It is the third micro-patch, as Microsoft security updates do not close the vulnerability. The micro-patch is available free of charge for all customers with the 0patch agent until Microsoft closes this vulnerability. Here is some information about it.
Windows vulnerability CVE-2021-34484
In August 2021, Microsoft released security advisory CVE-2021-34484 on a vulnerability in the Windows User Profile Service. This vulnerability allows Local Privilege Escalation (LPE). However, details of the vulnerability reported by Abdelhamid Naceri (halov), who works for Trend Micro Zero Day Initiative, were not provided. At the same time, Microsoft patched the vulnerability via the August 2021 Windows security updates.
Security researcher Abdelhamid Naceri then looked into the matter after installing the security update and found that it did not fully close the LPE vulnerability. He was able to bypass the security mechanism introduced by the Microsoft patch. In that context, ACROS Security had already released a 0patch micro-patch to close the vulnerability – see my blog post 0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service.
New micro-patch for CVE-2021-34484
The team at ACROS Security, which has been providing the 0Patch solution for years, has analyzed the vulnerability several times and found that Microsoft security updates and micro-patches could be bypassed. Now they are providing a third micro-patch to render the vulnerability harmless. Mitja Kolsek drew attention to this solution via Twitter.
Details are described in this March 21, 2022 blog post by 0patch. The 0patch micropatches are available free of charge for all customers with 0patch agents for the following Windows versions:
- Windows 10 v21H1 (32 & 64 bit) updated with March 2022 Updates
- Windows 10 v20H2 (32 & 64 bit) updated with March 2022 Updates
- Windows 10 v1909 (32 & 64 bit) updated with March 2022 Updates
- Windows Server 2019 64 bit updated with March 2022 Updates
The patch will be limited to 0patch subscriptions once Microsoft releases a security update to close the vulnerability. Notes on how the 0patch agent, which loads micropatches into memory at an application's runtime, works can be found in blog posts (such as here).
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
0Patch provides support for Windows 10 version 1809 after EOL
Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)
0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service
0patch fixes LPE vulnerability (CVE-2021-24084) in Mobile Device Management Service
0patch fixes InstallerTakeOver LPE 0-day vulnerability in Windows
0patch fixes ms-officecmd RCE vulnerability in Windows
0patch fixes RemotePotato0 vulnerability in Windows
Tried to install the 0patch download but got an error message saying installation was "interrupted" before it could be completed. I tried every suggestion by 0patch and other sites on how to get the installation to work and none were successful.
Could a 3rd party antivirus software cause this behavior?