• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?
How to Fix CVE-2021-24084 Vulnerability In Windows 10

Security researchers recently disclosed an Information discloser vulnerability (CVE-2021-24084) in Windows 10, enabling an attacker to gain unauthorized file system access and read arbitrary files on the vulnerable system. Microsoft has released the patch in Feb 2021. Unfortunately, the patch has failed to fully fix the CVE-2021-24084 vulnerability. However, there is an unofficial patch released by Opatch which could be used as a workaround until Microsoft address this issue. Let’s see how to fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10.

Windows Affected By CVE-2021-24084:

The good news is that the no Windows server operating systems are affected as the “Access work or school” vulnerable functionality doesn’t exist on the server operating system. No need to worry about the server platform. This vulnerability affects Windows 10 operating system, which is the most used Windows operating system these days. However, the vulnerability doesn’t affect the Windows 10 v1803 and older. Since the vulnerable functionality “Access work or school” works in a different way in Windows 10 v1803 and older. Windows 7 users do not need to worry since it doesn’t have “Access work or school” functionality at all.

You should fix the CVE-2021-24084 vulnerability if you are running Windows 10 v1809 and subsequent releases. Here you see the list of Windows 10 vulnerable to the Information Discloser Vulnerability.

  1. Windows 10 v21H1 (32 & 64 bit) updated with November 2021 Updates
  2. Windows 10 v20H2 (32 & 64 bit) updated with November 2021 Updates
  3. Windows 10 v2004 (32 & 64 bit) updated with November 2021 Updates
  4. Windows 10 v1909 (32 & 64 bit) updated with November 2021 Updates
  5. Windows 10 v1903 (32 & 64 bit) updated with November 2021 Updates
  6. Windows 10 v1809 (32 & 64 bit) updated with May 2021 Updates

Summary Of CVE-2021-24084- Information Discloser Vulnerability In Windows 10:

According to NVD, the vulnerability scores 5.5 Medium in CVSS v3.0. However, we expect that the score could be increased and categorized ‘High’ considering the vulnerability could lead to local privilege elevation attacks.

Associated CVE IDCVE-2021-24084
DescriptionA pre-authentication buffer overflow vulnerability allows network-adjacent attackers to execute arbitrary code on affected Netgear products.
Associated ZDI ID
CVSS Score5.5 MEDIUM
VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score3.6
Exploitability Score1.8
Attack Vector (AV)Local
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
Confidentiality (C)High
Integrity (I)None
availability (a)None

The vulnerability was first identified in Oct 2020 by Abdelhamid Naceri and reported to Trend Micro’s Zero Day Initiative (ZDI) program. Then ZDI reported the flaw to Microsoft. Microsoft acknowledged the flaw and released the patch in Feb 2021 as part of its monthly security updates. However, the researcher noticed that the flaw wasn’t fixed by any means and reported it to ZDI again. After multiple follow-ups, Microsoft finally released the fix in its July 2021 monthly security updates. But, after examination, Abdelhamid Naceri said in his blog that he discovered the flaw again and reported it to ZDI in Oct 2021. Microsoft is yet to fix the vulnerability, making it a zero-day bug. However, Opatch has released a micropatch to stop abusing the vulnerability to its users. Please visit this post, “How to Fix CVE-2021-34484” to install Opatch agent on Windows 10 to fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10.

We recommend following Abdelhamid Naceri’s blog, where the researcher recently disclosed the Local Privilege Elevation (LPE) vulnerability in the patch released to fix the CVE-2021-41379. And also, follow Opatch’s blog for upcoming updates on the Windows zero-day vulnerabilities.

Technical Details Of The Information Discloser Vulnerability In Windows 10:

The vulnerability associated with “access work or school” functionality in Windows settings. It can be triggered by clicking on “Export your management log files” on the right top corner of the settings window. As soon as you click on the “Export,” Windows will trigger the Device Management Enrollment Service. 

The Device Management Enrollment Service copies some log files to the C:\ProgramData\Microsoft\MDMDiagnostics folder, then packs them into a CAB file. Before the CAB file is stored in the C:\Users\Public\Public Documents\MDMDiagnostics folder, the CAB file will be temporarily copied to C:\Windows\Temp folder. 

“It is the copying to C:\Windows\Temp folder that is vulnerable. Namely, a local attacker can create a soft link (junction) there with a predictable file name that will be used in the above-described process, pointing to some file or folder they want to have copied to the CAB file. Since the Device Management Enrollment Service runs as Local System, it can read any system file that the attacker can’t”.

Posted by Mitja Kolsek on November 26, 2021

Please find Proof of Concept and more technical details on this page.

How To Fix CVE-2021-24084 Vulnerability In Windows 10?

Time needed: 5 minutes.

How to Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?

  1. Create a free account in Opatch

    Visit Optch and login if you have an account created or register using an email ID.

    Note: It’s a free registration.

    https://central.0patch.com/auth/login


    Login to Opatch for free

  2. Download free Opatch agent

    Download the Opatch agent from here: https://0patch.com/

    Download free Opatch agent

  3. Execute the Opatch agent

    You do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.

    Install Opatch agent

  4. Accept License agreement

    Opatch agent- Accept License agreement

  5. Select installation folder

    Choose the installation path. If not keep the default.

    Opatch agent- Seclect installation path

  6. Confirm installation

    Opatch agent- Confirm installation

  7. Finish Opatch agent installation

    Finish Opatch agent installation

  8. Sign into Opatch agent

    Sign into Opatch agent

  9. Opatch dashboard

    You will start seeing the number of available updates on the dashboard upon signing in to the agent.

    Opatch dashboard-2

  10. Patch applied for the CVE-2021-24084 Vulnerability

    Click on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for the CVE-2021-24084 Vulnerability.

    How to Fix (CVE-2021-24084) Information Discloser Vulnerability In Windows 10

We hope this post will help you in knowing how to fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

To know more about me. Follow me on LinkedIn
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.