They release an unofficial patch for Windows 10 that fixes a vulnerability that Microsoft has been ignoring for thirteen months

Vulnerability CVE-2021-24084 was found by cybersecurity researcher Abdelhamid Naceri, who reported it to Microsoft’s Zero Day Initiative program in October 2020. After that, the corporate contacted him to announce that the April 2021 replace would come with the repair to the identical.

This replace arrived … and Naceri’s Home windows set up continued to point out the vulnerability. At that time, Microsoft notified you that they’d not forgotten concerning the matter, and that be calm as a result of they’d launch a patch in July.

However July got here and once more there was no patch, which is why Naceri selected to explain the vulnerability publicly, on his personal blog.

Simply in case you are questioning … no, within the 5 months since since that final date, the patch has not been launched both neither individually nor as a part of a serious replace. In such a manner that the 0patch micropatch service has lastly opted to give your individual answer to the issue.

For it, have launched an unofficial free micropatch —That’s, not linked to Microsoft— which can be accessible without cost till Microsoft releases the official patch.

If you wish to use this patch, create a free account at 0patch Central, then set up and register 0patch Agent from “every thing else will occur mechanically and it’ll not be essential to restart the pc”.

The affected (and patchable) variations are Home windows 10 builds from 1809 to 21H1

‘’: When MICROSOFT Launched ANTI-GOOGLE Advertisements

A extra severe vulnerability than it appeared at first

Mitja Kolsek, co-founder of the service, defined that they too ignored the vulnerability at first, because it was unfold as an data disclosure error, which is normally not related sufficient to warrant 0patch’s consideration.

“In November, nonetheless, Abdelhamid identified that this bug, nonetheless unpatched, could not simply be an data disclosure downside, however an area privilege escalation vulnerability“.

“We confirmed it utilizing the process described on this submit by Raj Chandel, [descubriendo que] code might be run as native administrator “.

Chandel’s submit references one other vulnerability, HiveNightmare / SeriousSAM, which demonstrated that “arbitrary file disclosure can flip into native privilege escalation if [el atacante] it is aware of what information to entry and what to do with them. ”

To export

Within the vulnerability at hand, the attacker could make use of the content material of the * .CAB file that we create in C: Home windows Temp by urgent the “Export” button in ‘Settings> Entry work or faculty> Export administration log information’.

By way of | 0patch Blog

Be the first to comment

Leave a Reply

Your email address will not be published.