Lucene search

K
hiveproHive ProHIVEPRO:810C0A801A0950878F0BC43C27E1F429
HistoryDec 01, 2021 - 4:26 a.m.

Microsoft could not patch this vulnerability yet again

2021-12-0104:26:33
Hive Pro
www.hivepro.com
15

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

THREAT LEVEL: Amber.

For a detailed advisory, download the pdf file here.

An improperly patched Windows vulnerability (CVE-2021-24084) can lead to local privilege escalation and information disclosure. The vulnerability was disclosed in October 2020 and even after Microsoft addressed this vulnerability in February 2021’s Patch Tuesday, a researcher was able to exploit the patched vulnerability making it another zero-day made by improper patching.

CVE-2021-24084 was an information disclosure vulnerability in the Windows Mobile Device Management component but later it was discovered that it could be exploited for local privilege escalation that allows an attacker to gain admin privilege and reading arbitrary files even if they don’t have the permissions to do so. All the versions of Windows 10 even after the November patch are affected by this vulnerability.

After examining Microsoft's fix, Abdelhamid Naceri, the security researcher who discovered this vulnerability, discovered a bypass of the patch as well as a more powerful new zero-day privilege elevation vulnerability. He also made the proof-of-concept available to the public.

An unofficial micro patch has been released by 0patch and will be available for free until Microsoft releases an official patch for the vulnerability.

Vulnerability Details

Patch Link

<https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html&gt;

References

<https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/&gt;

<https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html&gt;

<https://www.techradar.com/sg/news/nasty-windows-10-vulnerability-gets-a-patch-but-not-from-microsoft&gt;

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N