{"id":23742,"date":"2022-03-22T02:51:58","date_gmt":"2022-03-22T01:51:58","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=23742"},"modified":"2022-06-27T09:19:43","modified_gmt":"2022-06-27T07:19:43","slug":"0patch-fixt-erneut-schwachstelle-cve-2021-34484-in-windows-10-server-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/03\/22\/0patch-fixt-erneut-schwachstelle-cve-2021-34484-in-windows-10-server-2019\/","title":{"rendered":"0patch fixes again vulnerability CVE-2021-34484 in Windows 10\/Server 2019"},"content":{"rendered":"

\"Windows\"[German<\/a>]The ACROS Security team around founder Mitja Kolsek has just developed a micro-patch to close a User Profile Service Privilege Escalation vulnerability (CVE-2021-34484) of Windows 10 and Windows Server 2019. It is the third micro-patch, as Microsoft security updates do not close the vulnerability. The micro-patch is available free of charge for all customers with the 0patch agent until Microsoft closes this vulnerability. Here is some information about it.<\/p>\n

<\/p>\n

Windows vulnerability CVE-2021-34484 <\/h2>\n

\"\"In August 2021, Microsoft released security advisory CVE-2021-34484<\/a> on a vulnerability in the Windows User Profile Service. This vulnerability allows Local Privilege Escalation (LPE). However, details of the vulnerability reported by Abdelhamid Naceri (halov) – works for Trend Micro Zero Day Initiative<\/a> – were not provided. At the same time, Microsoft has patched the vulnerabilities via the August 2021 Windows security updates.  <\/p>\n

Security researcher Abdelhamid Naceri then looked into the matter after installing the security update and found that it did not fully close the LPE vulnerability. It was possible for him to bypass the security mechanism introduced by the Microsoft patch. In this episode, ACROS Security had already released a 0patch micro-patch to close the vulnerability – see my blog post 0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service<\/a>. <\/p>\n

New micro-patch for CVE-2021-34484 <\/h2>\n

The team at ACROS Security, which has been providing the 0Patch solution for years, has analyzed the vulnerability several times and found that Microsoft security updates and micro-patches could be bypassed. Now they are providing a third micro-patch to render the vulnerability harmless. Mitja Kolsek drew attention to this solution via Twitter<\/a>. <\/p>\n

\"Windows<\/a># <\/p>\n

Details are described in this March 21, 2022 blog post<\/a> by 0patch. The 0patch micropatches are available free of charge for all customers with 0patch agents for the following Windows versions.  . <\/p>\n

    \n
      \n
    1. Windows 10 v21H1 (32 & 64 bit) <\/b>updated with March 2022 Updates\n
    2. Windows 10 v20H2 (32 & 64 bit)<\/b> <\/b>updated with March 2022 Updates\n
    3. Windows 10 v1909 (32 & 64 bit)<\/b> <\/b>updated with March 2022 Updates\n
    4. Windows Server 2019 64 bit<\/b> <\/b>updated with March 2022 Updates<\/li>\n<\/ol>\n<\/ol>\n

      The patch will be limited to 0patch subscriptions once Microsoft releases a security update to close the vulnerability. Notes on how the 0patch agent, which loads micropatches into memory at an application's runtime, works can be found in blog posts (such as here<\/a>).  <\/p>\n

      Similar articles
      <\/strong><\/strong>      0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a>
      0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a>
      0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a>
      0-day vulnerability in Windows Adobe Type Library<\/a>
      0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a>
      0patch for 0-day RCE vulnerability in Zoom for Windows<\/a>
      Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a>
      0patch fixes CVE-2020-1113 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes CVE-2020-1337 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes CVE-2020-1530 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2<\/a>
      0patch fixes CVE-2020-1062 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes CVE-2020-1300 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes 0-day vulnerability in Windows 7\/Server 2008 R2<\/a>
      0patch fixes CVE-2020-1013 in Windows 7\/Server 2008 R2<\/a>
      0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec<\/a>
      0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability<\/a>
      0patch fixes 0-day in Internet Explorer<\/a>
      0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2<\/a>
      0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)<\/a>
      0Patch provides support for Windows 10 version 1809 after EOL<\/a>
      Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959<\/a>
      0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)<\/a>
      0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)<\/a>
      0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)<\/a>
      2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)<\/a>
      Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)<\/a>
      0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service<\/a>
      0patch fixes LPE vulnerability (CVE-2021-24084) in Mobile Device Management Service<\/a>
      0patch fixes InstallerTakeOver LPE 0-day vulnerability in Windows<\/a>
      0patch fixes ms-officecmd RCE vulnerability in Windows<\/a> <\/p>\n

      0patch fixes RemotePotato0 vulnerability in Windows<\/a><\/h4>\n","protected":false},"excerpt":{"rendered":"

      [German]The ACROS Security team around founder Mitja Kolsek has just developed a micro-patch to close a User Profile Service Privilege Escalation vulnerability (CVE-2021-34484) of Windows 10 and Windows Server 2019. It is the third micro-patch, as Microsoft security updates do … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69,194],"class_list":["post-23742","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=23742"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23742\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=23742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=23742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=23742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}