0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. The issue doesn’t impact Windows Servers because the vulnerable functionality in not implemented in these OSs.
The issue resides in the “Access work or school” settings of the Mobile Device Management Service. The vulnerability, discovered by the security researcher Abdelhamid Naceri, can be exploited to bypass a patch released by Microsoft in February to address another information disclosure flaw (CVE-2021-24084) reported by the same expert.
Naceri reported this month that the vulnerability has yet to be addressed and can be exploited to escalate privileges.
“Namely, as HiveNightmare/SeriousSAM has taught us, an arbitrary file disclosure can* be upgraded to local privilege escalation if you know which files to take and what to do with them. We confirmed this by using the procedure described in this blog post by Raj Chandel in conjunction with Abdelhamid’s bug – and being able to run code as local administrator.” wrote 0patch co-founder Mitja Kolsek. “Two conditions need to be met in order for the local privilege escalation to work:
0patch released unofficial patches for:
0patch will provide free micropatches for this vulnerability until Microsoft has issued an official patch. Users that want to install the micropatches can create a free account in 0patch Central, then install 0patch Agent from 0patch.com. The company pointed out that no computer reboots will be needed.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Windows)
[adrotate banner=”5″]
[adrotate banner=”13″]
A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due…
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia.…
The UK’s Legal Aid Agency suffered a cyberattack in April and has now confirmed that…
Cybersecurity Observatory of the Unipegaso's malware lab published a detailed analysis of the Sarcoma ransomware.…
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data…
Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to…
This website uses cookies.