A locally exploited Microsoft vulnerability (CVE-2021-34484) has been unofficially fixed by net heroes 0patch. Again. Found several months ago in the Windows User Profile Service, 0patch has done what Microsoft was seemingly unable to do, nullifying the privilege escalation zero-day vulnerability that had been leaving Windows 10, Windows 11, and Windows Server users open to hackers.
When Microsoft failed to fix the bug before, its patch actually ended up breaking 0patch’s previous unofficial patch. There’s a lot of to-ing and fro-ing between coders of different creeds, then, which really isn’t helping. Here’s how it played out:
Discovered and reported by Abdelhamid Naceri, the vulnerability scored a whopping 7.8 on the CVSS v3 danger scale, although we can’t find any reports of the vulnerability having been exploited.
Still, the potential for local attackers to gain admin rights has been very real, and Bleeping Computer notes that, since mid 2021, the vulnerability had been marked as solved several times, despite the vulnerability still existing.
Back in August 2021, just after the vulnerability first came in to view, Naceri noticed the door was left ajar. Microsoft’s official patch only partially fixed the issue, so Naceri sent a PoC (proof of concept) to prove it was still possible to bypass the patch on any version of Windows.
Your next machine
That’s when 0patch appeared with its first unofficial profext.dll patch, which held the fort for a while, until Microsoft tried again in January 2022, marking the bug as fixed. Naceri quickly found a way to get around it, though, and it turned out Microsoft’s fix replaced the file 0patch had added the working patch to.
0patch has now ported the fix for the latest Microsoft patch Tuesday update, so as long as you have a free 0patch Central account, you should be able to get the micro-patch, and undo the foibles of our most beloved Microsoft.
For it’s part, Microsoft has responded to Bleeping Computer with an acknowledgement that “we’re aware of this report and will take action as needed to protect customers.”