How To Fix CVE-2021-34484- A New Zero-Day Local Privilege Escalation Vulnerability In Microsoft Windows?

Security researchers have identified a new zero-day Local Privilege Escalation vulnerability (CVE-2021-34484) in all Microsoft Windows operating system versions. The vulnerability is being tracked as CVE-2021-34484, which is a partially patched bug in Windows operating system. Since the zero-day Local Privilege Escalation vulnerability affects all new versions of Windows, it is required to know how to fix CVE-2021-34484, a new zero-day Local Privilege Escalation vulnerability.

About CVE-2021-34484- A Zero-Day LPE Vulnerability In Windows

Microsoft considered the vulnerability as an arbitrary directory-deletion issue and released security patches as part of its August’s months updates. Microsoft concluded the vulnerability was considered a low priority as the attacks needed someone to log in locally into the machine to exploit it.

Later, security researcher Abdelhamid Naceri disclosed that attackers could leverage the same vulnerability to carry out the privilege escalation attacks. In addition to this, Abdelhamid Naceri also found a bypass for the original patch that could be abused to elevate privileges to gain SYSTEM privileges on the target machine. This made this CVE-2021-34484 vulnerability is considered a zero-day.

The best part is, this vulnerability is most likely not widely abused as other local privilege escalation vulnerabilities like PrintNightmare.

What Opatch Said About The CVE-2021-34484 Vulnerability?

As per the report published by Opatch, “The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason. Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”
Published by Opatch.

https://twitter.com/KLINIX5/status/1451558296872173577?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1451558296872173577%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fthreatpost.com%2Fwindows-10-privilege-escalation-zero-day-unofficial-fix%2F176313%2F

“The crux of the attack is in quickly creating a symbolic link in the temporary user profile folder (C:\Users\TEMP) so that when the User Profile Service copies a folder from user’s original profile folder, it will end up creating a folder somewhere else – where the attacker would normally not have permissions to create one.”
Published by Opatch.

Proof Of Concept- CVE-2021-34484

Opatch has released a video PoC clip that shows the exploitation in live.

Published by

Version Affected By The CVE-2021-34484 Vulnerability

The CVE-2021-34484 vulnerability affects every server and desktop edition including 11 and server 2022.

How To Fix CVE-2021-34484- A Zero-Day Local Privilege Escalation Vulnerability In Windows?

We are not sure when Microsoft will release patch for the Local Privilege Escalation vulnerability. However, Opatch has released a free unofficial micropatch to address this issue. We recommend installing this patch until Microsoft release the official fix for the issue.Opatch has released the patch for these Windows versions:

New Updates [22-Mar-2022]:

Security researcher Abdelhamid Naceri, shared an update on this patched vulnerability. The researcher found the second bypass of this vulnerability, the flaw which Microsoft concluded fully fixed upon rolling out the security updates on January 2022.

In short, the CVE-2021-34484 vulnerability is again a 0-day. Microsoft is yet to acknowledge. however, Opatch has responded to this and said that their micropatch is made free once again until there is a fix from Microsoft. We recommend deploying Opatch on your Windows machines and be protected from the flaw.

Step 1. Create a free account in Opatch

Visit Optch and login if you have an account created or register using an email ID.

Note: It’s a free registration.
https://central.0patch.com/auth/login

Step 2. Download free Opatch agent

Download the Opatch agent from here: https://0patch.com/

Step 3. Execute the Opatch agent

You do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.

Step 4. Accept License agreement

Step 5. Select installation folder

Choose the installation path. If not keep the default.

Step 6. Confirm installation

Step 7. Finish Opatch agent installation

Step 8. Sign into Opatch agent

Step 9. Opatch dashboard

You will start seeing the number of available updates on the dashboard upon signing in to the agent.

Step 10. Patch applied for the CVE-2021-34484 Vulnerability

Click on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for the CVE-2021-34484 Vulnerability.

We hope this post would help you in knowing how to fix CVE-2021-34484, a new zero-day Local Privilege Escalation vulnerability. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.

You may also like these articles: