A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions.
The bug, tracked as CVE-2021-34484, was incompletely patched by Microsoft during the August Patch Tuesday. The company only addressed the impact of the proof-of-concept (PoC) provided by security researcher Abdelhamid Naceri, who reported the issue.
Naceri later discovered that threat actors could still bypass the Microsoft patch to elevate privileges to SYSTEM if certain conditions are met, getting an elevated command prompt while the User Account Control (UAC) prompt is displayed.
CERT/CC vulnerability analyst Will Dormann tested the CVE-2021-34484 bypass PoC exploit and found that, while it worked, it would not always create the elevated command prompt. However, in BleepingComputer’s tests, it launched an elevated command prompt immediately, as shown below.
Fortunately, the exploit requires attackers to know and log in with other users’ credentials to exploit the vulnerability, which means that it will likely not be as widely abused as other LPE bugs (including PrintNightmare).
The bad news is that it impacts fully-updated devices running all Windows versions, including Windows 10, Windows 11, and Windows Server 2022.
Furthermore, the researcher told BleepingComputer that threat actors will only need another domain account to deploy the exploits in attacks, so it’s definitely something admins should be concerned about.
After BleepingComputer’s report on the CVE-2021-34484 bypass, Microsoft told us that they’re aware of the issue and “will take appropriate action to keep customers protected.”
Exploit launching an elevated command prompt behind UAC prompt (BleepingComputer)
Free patch available until Microsoft addresses the bug
While Microsoft is still working on a security update to address this zero-day flaw, the 0patch micropatching service released a free unofficial patch (known as a micropatch) on Thursday.
0patch developed the micropatch using the information provided by Naceri in his write-up and PoC for the Windows User Profile Service 0day LPE.
You can apply this free patch to block attacks using the CVE-2021-34484 bypass on the following Windows versions:
Windows 10 v21H1 (32 & 64 bit) updated with October or November 2021 Updates
Windows 10 v20H2 (32 & 64 bit) updated with October or November 2021 Updates
Windows 10 v2004 (32 & 64 bit) updated with October or November 2021 Updates
Windows 10 v1909 (32 & 64 bit) updated with October or November 2021 Updates
Windows Server 2019 64 bit updated with October or November 2021 Updates
“While this vulnerability already has its CVE ID (CVE-2021-33742), we’re considering it to be without an official vendor fix and therefore a 0day,” 0patch co-founder Mitja Kolsek explained. “Micropatches for this vulnerability will be free until Microsoft has issued an official fix.”
To install this unofficial patch on your system, you will first need to register a 0patch account and then install the 0patch agent.
Once you launch the agent, the micropatch is applied automatically (if there is no custom patching enterprise policy in place blocking it), without the need to reboot the machine.
While this issue in theory also affects older Windows versions, Kolsek said that “the vulnerable code is different there, making the window for winning the race condition extremely narrow and probably unexploitable.”
A video demo of the CVE-2021-33742 micropatch in action is embedded below.