Originally discovered in 2020, the bug had the potential to be a local privilege escalation vulnerability, but it has been overlooked since then. Mitja Kolsek, the founder of the 0patch micropatching service, also ignored the vulnerability since it wasn’t critical enough at the time.

Escalation

Currently tracked as CVE-2021-24084, the bug is detailed by Kolsek with reference to a fixed Windows privilege escalation vulnerability tracked as CVE-2021-36934. Under specific conditions, the arbitrary file disclosure can be upgraded to local privilege escalation.

Bug upgrade

Back in November, when the bug was still unpatched, Abdelhamid pointed out on Twitter that it could be a local privilege escalation vulnerability rather than an information disclosure issue. Kolsek later confirmed this by using a procedure outlined in a blog post by Raj Chandel, and explained why the need arose to patch the bug.

Although the patch is unofficial, it will work on all affected versions of Windows 10. What’s even better is that it will be free of charge until Microsoft releases the official fix.
