How to Fix CVE-2021-34484

Security researchers have identified a new zero-day Local Privilege Escalation vulnerability in all Microsoft Windows operating system versions. It is tracked as CVE-2021-34484 and is a partially patched bug in the Windows operating system. Since the vulnerability affects all new versions of Windows, it is important to know how to fix CVE-2021-34484.

About CVE-2021-34484: A Zero-Day LPE Vulnerability In Windows

Microsoft initially treated the vulnerability as an arbitrary directory-deletion issue and released security patches as part of its August monthly updates. Microsoft considered it a low priority because an attacker would need to log in locally to the machine to exploit it.

Later, security researcher Abdelhamid Naceri disclosed that attackers could leverage the same vulnerability to carry out privilege escalation attacks. In addition, Abdelhamid Naceri found a bypass for the original patch that could be abused to gain SYSTEM privileges on the target machine. As a result, CVE-2021-34484 is considered a zero-day.

The good news is that this vulnerability is most likely not as widely abused as other local privilege escalation vulnerabilities such as PrintNightmare.

What 0patch Said About The CVE-2021-34484 Vulnerability

As per the report published by 0patch, “The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason. Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”

Published by 0patch.

“The crux of the attack is in quickly creating a symbolic link in the temporary user profile folder (C:\Users\TEMP) so that when the User Profile Service copies a folder from user’s original profile folder, it will end up creating a folder somewhere else – where the attacker would normally not have permissions to create one.”

Published by 0patch.
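
The folder-redirection flaw class described in the quotes above, shown as a POSIX analogue in Python: a path-based directory creation that follows a link planted in the destination, next to a version that walks the destination by directory handle and refuses links. This is an added example, not code from Microsoft, 0patch or the researcher; the function names and the constructed temp-directory layout are assumptions, and it does not reproduce the Windows User Profile Service.

```python
import os
import tempfile

def naive_mkdirs(dest_root, rel_path):
    """Vulnerable pattern: path-based creation follows any link planted in dest_root."""
    target = os.path.join(dest_root, rel_path)
    os.makedirs(target, exist_ok=True)
    return os.path.realpath(target)  # where the folder really landed

def safe_mkdirs(dest_root, rel_path):
    """Create rel_path under dest_root one component at a time, never following links."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dir_fd = os.open(dest_root, flags)
    try:
        for part in rel_path.split("/"):
            if part in ("", ".", ".."):
                raise ValueError(f"unsafe path component: {part!r}")
            try:
                os.mkdir(part, mode=0o700, dir_fd=dir_fd)
            except FileExistsError:
                pass  # real directory or planted link; the open below decides
            # O_NOFOLLOW makes this open fail with OSError if 'part' is a symlink.
            next_fd = os.open(part, flags, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
    finally:
        os.close(dir_fd)

def demo():
    # Constructed scenario: 'temp_profile' stands in for the temporary profile
    # folder, 'protected' for a location the low-privileged user cannot write to.
    base = os.path.realpath(tempfile.mkdtemp())
    protected = os.path.join(base, "protected")
    temp_profile = os.path.join(base, "temp_profile")
    os.mkdir(protected)
    os.mkdir(temp_profile)
    # A link planted in the destination before the privileged copy runs.
    os.symlink(protected, os.path.join(temp_profile, "Documents"))
    landed = naive_mkdirs(temp_profile, "Documents/AppData")
    redirected = landed.startswith(protected + os.sep)
    try:
        safe_mkdirs(temp_profile, "Documents/blocked")
        refused = False
    except OSError:
        refused = True
    created = os.path.exists(os.path.join(protected, "blocked"))
    return redirected, refused, created
```

`demo()` returns whether the naive call was redirected into the protected folder, whether the handle-based call refused the link, and whether anything was created behind it.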

Proof Of Concept: CVE-2021-34484

0patch has released a PoC video clip that shows the exploitation live.

Published by 0patch

Version Affected By The CVE-2021-34484 Vulnerability

The CVE-2021-34484 vulnerability affects every server and desktop edition of Windows, including Windows 11 and Windows Server 2022.

How To Fix CVE-2021-34484: A Zero-Day Local Privilege Escalation Vulnerability In Windows

We are not sure when Microsoft will release a patch for the Local Privilege Escalation vulnerability. However, 0patch has released a free unofficial micropatch to address this issue. We recommend installing this patch until Microsoft releases the official fix for the issue.
0patch has released the patch for these Windows versions:

  1. Windows 10 v21H1 (32 & 64 bit) updated with October or November 2021 Updates
  2. Windows 10 v20H2 (32 & 64 bit) updated with October or November 2021 Updates
  3. Windows 10 v2004 (32 & 64 bit) updated with October or November 2021 Updates
  4. Windows 10 v1909 (32 & 64 bit) updated with October or November 2021 Updates
  5. Windows Server 2019 64 bit updated with October or November 2021 Updates

New Updates [22-Mar-2022]:

Security researcher Abdelhamid Naceri shared an update on this patched vulnerability. The researcher found a second bypass for this vulnerability, a flaw that Microsoft considered fully fixed after rolling out the security updates in January 2022.

In short, the CVE-2021-34484 vulnerability is again a 0-day. Microsoft is yet to acknowledge this. However, 0patch has responded and said that their micropatch is free once again until there is a fix from Microsoft. We recommend deploying 0patch on your Windows machines to be protected from the flaw.

Time needed: 5 minutes

How to Fix CVE-2021-34484: A Zero-Day LPE Vulnerability in Windows

  1. Create a free account in 0patch

    Visit 0patch and log in if you already have an account, or register using an email ID.

    Note: Registration is free.

  2. Download the free 0patch agent

    Download the 0patch agent from here: https://0patch.com/

  3. Execute the 0patch agent

    You do not need to do anything special to install the patch. Launch the agent, and the patch will be installed by itself.

  4. Accept the license agreement

  5. Select the installation folder

    Choose the installation path, or keep the default.

  6. Confirm installation

  7. Finish the 0patch agent installation

  8. Sign in to the 0patch agent

  9. 0patch dashboard

    You will start seeing the number of available updates on the dashboard upon signing in to the agent.

  10. Patch applied for the CVE-2021-34484 Vulnerability

    Click on the ‘PATCH WAS APPLIED’ tiles to see that the patch was applied for the CVE-2021-34484 vulnerability.

We hope this post helps you understand how to fix CVE-2021-34484, a new zero-day Local Privilege Escalation vulnerability. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.


About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.
