[German]There is an incompletely patched Local Privilege Escalation vulnerability (CVE-2021-34484) in the Windows User Profile Service. Although there has been an update for all Windows versions since August 2021, it does not fully patch the vulnerability. ACROS Security has therefore developed a free 0patch solution to mitigate this vulnerability.
Advertising
The LPE vulnerability (CVE-2021-34484)
In August 2021, Microsoft published security advisory CVE-2021-34484 on a vulnerability in Windows User Profile Service. This vulnerability allows Local Privilege Escalation (LPE). However, details of the vulnerability reported by Abdelhamid Naceri (halov) – works for Trend Micro Zero Day InitiativeInitiative – were not provided. At the same time, Microsoft has patched the vulnerabilities via the August 2021 Windows security updates.
Security researcher Abdelhamid Naceri then looked into the matter after installing the security update and found that it did not fully close the LPE vulnerability. It was possible for him to bypass the security mechanism introduced by the Microsoft patch. Naceri points out the issue in the following tweet.
He described some details on GitHub and also provided a proof of concept (PoC). I had reported about this issue in the blog post Local Privilege Escalation Vulnerability (0-day) in all Windows Versions.
The 0Patch solution for CVE-2021-34484
The team at ACROS Security, which has been providing the 0Patch solution for years, has analyzed the LPE vulnerability CVE-2021-34484 and provided a micropatch to render the vulnerability harmless. Mitja Kolsek drew attention to this free solution via Twitter.
Advertising
More detail may be found in this blog post from November 11, 2021 by 0patch. The 0patch micropatches are available for free for the following products:
- Windows 10 v21H1 (32 & 64 bit) updated with October or November 2021 Updates
- Windows 10 v20H2 (32 & 64 bit) updated with October or November 2021 Updates
- Windows 10 v2004 (32 & 64 bit) updated with October or November 2021 Updates
- Windows 10 v1909 (32 & 64 bit) updated with October or November 2021 Updates
- Windows Server 2019 64 bit updated with October or November 2021 Updates
Notes on how the 0patch agent works, which loads the micropatches into memory at the runtime of an application, can be found in the blog posts (such as here).
Similar articles
Attack via Office Documents on Microsoft MSHTML (ActiveX) RCE Vulnerability (CVE-2021-40444)
MSHTML vulnerability CVE-2021-40444 more critical than known
Disaster Windows MSHTML vulnerability CVE-2021-40444, hopefully a patch will come today
Patch day recap Sept. 2021: Update on MSHTML vulnerability CVE-2021-40444
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
0Patch provides support for Windows 10 version 1809 after EOL
Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)
