Local Privilege Escalation Vulnerability (0-day) in all Windows Versions

Windows[German]In all Windows versions, including Windows 11 and Windows Server 2022, there is an unpatched Local Privilege Escalation vulnerability. This should have been patched since August 2021, but the security update in question did not close the vulnerability completely. Fortunately, the damage is limited, as exploitability is not very easy.

Windows vulnerability CVE-2021-34484

In August 2021, Microsoft published security advisory CVE-2021-34484 on a vulnerability in Windows User Profile Service. This vulnerability allows Local Privilege Escalation (LPE). However, details of the vulnerability reported by Abdelhamid Naceri (halov) – works for the Trend Micro Zero Day Initiative – were not provided. At the same time, Microsoft has patched the vulnerabilities in the still-supported Windows versions via the August 2021 security updates.

Patch bypassed

Security researcher Abdelhamid Naceri then looked into the matter after installing the security update and found that it did not fully close the LPE vulnerability. It was possible for him to bypass the security mechanism introduced by the Microsoft patch. Naceri points out the issue in the following tweet.

CVE-2021-34484 bypass in Windows

He described the details on GitHub and also submitted a proof of concept (PoC). With the 0-day PoC, he can achieve SYSTEM permissions under certain conditions. Security researcher Will Dormann writes in a tweet that the PoC works.

CVE-2021-34484 bypass in Windows

However, to exploit this PoC, an attacker would need to know a user's credentials. Therefore, the exploitability of the vulnerability should be low. The colleagues from Bleeping Computer have compiled some more information on the topic in this article

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).