Security researchers have identified a new zero-day Local Privilege Escalation vulnerability in all Microsoft Windows operating system versions. It is tracked as CVE-2021-34484 and is a partially patched bug in the Windows operating system. Because it affects all new versions of Windows, it is worth knowing how to fix CVE-2021-34484.
Microsoft treated the vulnerability as an arbitrary directory-deletion issue and released a security patch as part of its August updates. Microsoft considered it a low priority because an attacker needs to log in locally to the machine to exploit it.
Later, security researcher Abdelhamid Naceri disclosed that attackers could leverage the same vulnerability to carry out privilege escalation attacks. In addition, Abdelhamid Naceri found a bypass for the original patch that could be abused to gain SYSTEM privileges on the target machine. This is why CVE-2021-34484 is considered a zero-day.
The good news is that this vulnerability is most likely not as widely abused as other local privilege escalation vulnerabilities like PrintNightmare.
As per the report published by 0patch, “The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason. Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”
https://twitter.com/KLINIX5/status/1451558296872173577
“The crux of the attack is in quickly creating a symbolic link in the temporary user profile folder (C:\Users\TEMP) so that when the User Profile Service copies a folder from user’s original profile folder, it will end up creating a folder somewhere else – where the attacker would normally not have permissions to create one.”
Published by 0patch.
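A defender can triage a host for the pattern 0patch describes by listing links inside the temporary profile folder that point outside it and by checking for recent temporary-profile logons. The following PowerShell is an added example, not code from 0patch or from the original article; the function name `Get-OutsideLinks`, the look-back window, and the "target outside the profile" heuristic are assumptions made for illustration.

```powershell
# Added example: defensive triage for links inside the temporary profile folder.
# Heuristic (assumption): a symlink or junction under C:\Users\TEMP whose target
# resolves outside that folder deserves a closer look.
[CmdletBinding()]
param(
    [string]$TempProfile = 'C:\Users\TEMP',  # path quoted in the 0patch report
    [int]$DaysBack = 30                      # look-back window (assumption)
)

function Get-OutsideLinks {
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $rootFull = [IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # Target is a collection in Windows PowerShell 5.1 and a string in PowerShell 7.
            foreach ($t in @($item.Target)) {
                if (-not $t) { continue }
                try {
                    # Relative targets are resolved against the link's own directory.
                    $abs = if ([IO.Path]::IsPathRooted($t)) { $t }
                           else { Join-Path (Split-Path $item.FullName -Parent) $t }
                    $full = [IO.Path]::GetFullPath($abs).TrimEnd('\') + '\'
                    $outside = -not $full.StartsWith($rootFull, [StringComparison]::OrdinalIgnoreCase)
                } catch {
                    $outside = $true   # a target that cannot be normalised is reported
                }
                if ($outside) {
                    [pscustomobject]@{
                        Link     = $item.FullName
                        LinkType = $item.LinkType
                        Target   = $t
                        Created  = $item.CreationTime
                    }
                }
            }
        }
}

# Event ID 1511 in the Application log: a user was logged on with a temporary profile.
$since = (Get-Date).AddDays(-$DaysBack)
$tempLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1511; StartTime = $since } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, ProviderName, Message

"Links under $TempProfile that point outside it:"
Get-OutsideLinks -Root $TempProfile | Format-Table -AutoSize
"Temporary-profile logons in the last $DaysBack days: $(@($tempLogons).Count)"
$tempLogons | Format-List
```

Run it from an elevated prompt so the temporary profile folder is readable. An empty result does not prove the host was never targeted, because a link only needs to exist briefly while the profile is being copied.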
0patch has released a video PoC that shows the exploitation live.
The CVE-2021-34484 vulnerability affects every server and desktop edition of Windows, including Windows 11 and Windows Server 2022.
We are not sure when Microsoft will release a patch for the Local Privilege Escalation vulnerability. However, 0patch has released a free unofficial micropatch to address this issue. We recommend installing this patch until Microsoft releases the official fix for the issue. 0patch has released the patch for these Windows versions:
Windows 10 v21H1 (32 & 64 bit) updated with October or November 2021 Updates
Windows 10 v20H2 (32 & 64 bit) updated with October or November 2021 Updates
Windows 10 v2004 (32 & 64 bit) updated with October or November 2021 Updates
Windows 10 v1909 (32 & 64 bit) updated with October or November 2021 Updates
Windows Server 2019 64 bit updated with October or November 2021 Updates
Security researcher Abdelhamid Naceri shared an update on this patched vulnerability. The researcher found a second bypass for the flaw, which Microsoft had concluded was fully fixed after rolling out its security updates in January 2022.
In short, the CVE-2021-34484 vulnerability is again a 0-day. Microsoft is yet to acknowledge it. However, 0patch has responded and said that their micropatch is free once again until there is a fix from Microsoft. We recommend deploying 0patch on your Windows machines to be protected from the flaw.
Visit 0patch and log in if you already have an account, or register using an email ID.
Note: Registration is free.
https://central.0patch.com/auth/login
Download the 0patch agent from here: https://0patch.com/
No extra steps are needed to install the patch. Launch the agent and the patch will be installed by itself.
Choose the installation path, or keep the default.
After signing in to the agent, you will see the number of available updates on the dashboard.
Click on the ‘PATCH WAS APPLIED’ tiles to confirm that the patch was applied for the CVE-2021-34484 vulnerability.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.