A locally exploited Microsoft vulnerability (CVE-2021-34484) has been unofficially patched by net heroes 0patch. Again. Found several months ago in the Windows User Profile Service, 0patch did what Microsoft apparently failed to do, nullifying the zero-day privilege escalation vulnerability that was leaving Windows 10, Windows 11, and Windows Server users open. to hackers.
When Microsoft failed to fix the bug before, their patch ended up breaking 0patch’s previous unofficial patch. There’s a lot of back-and-forth between coders of different faiths, so that’s really not helping. Here’s how it unfolded:
Discovered and reported by Abdelhamid Nacerithe vulnerability scored an impressive 7.8 on the CVSS v3 danger scale, although we cannot find any reports that the vulnerability was exploited.
Still, the potential for local attackers to gain admin rights has been very real and computer beeping notes that since mid-2021, the vulnerability has been marked as resolved several times, despite the vulnerability still existing.
In August 2021, shortly after first viewing the vulnerability, Naceri noticed that the door was ajar. Microsoft’s official patch only partially fixed the problem, so Naceri submitted a PoC (proof of concept) to prove that it was still possible to work around the patch on any version of Windows.
That’s when 0patch came out with its first unofficial profext.dll patch, which kept it strong for a while, until Microsoft tried again in January 2022, marking the bug as fixed. However, Naceri quickly found a way around this, and it turned out that Microsoft’s patch replaced the file that 0patch had added the working patch to.
0patch has now ported to correction for the latest patch update from Microsoft Tuesday, as long as you have a 0patch Central account, you should be able to get the micro-patch, and undo the weaknesses of our most beloved Microsoft.
For its part, Microsoft responded to Bleeping Computer with an acknowledgment that “we are aware of this report and will take necessary steps to protect customers.”