During the late August Patch Tuesday Microsoft uncompletely patched a zero-day bug that goes by the identification CVE-2021-34484. The company only fixed the impact of the proof-of-concept (PoC). Earlier security researcher Abdelhamid Naceri made a report on the issue. This uncompletely patched bug affects all Windows versions, including Windows 10, Windows 11, and Windows Server 2022. In the Windows User Profile Service it allows potential attackers to gain SYSTEM privileges under certain conditions.
Microsoft uncompletely fixed the patch during last August Patch Tuesday
Abdelhamid Naceri discovered lately that attackers could still bypass the Microsoft patch to elevate privileges to gain SYSTEM privileges under certain conditions, getting an elevated command prompt while the User Account Control (UAC) prompt displays itself. CERT/CC vulnerability analyst Will Dormann then checked the CVE-2021-34484 bypass PoC exploit. He discovered that it would not always create the elevated command prompt.
However, cyber security specialists point out that the bug won’t likely be exploited as it requires attackers to know and log in with other users’ credentials for exploiting the vulnerability. Microsoft acknowledged the existing problem and “will take appropriate action to keep customers protected.” Whilst the company is working on the problem, the 0patch micropatching service has released Thursday a free unofficial patch ( also known as a micropatch).
“While this vulnerability already has its CVE ID (CVE-2021-33742), we’re considering it to be without an official vendor fix and therefore a 0day,” 0patch co-founder Mitja Kolsek says. “Micropatches for this vulnerability will be free until Microsoft has issued an official fix.”
In order to use the free patch you will first need to register a 0patch account and then begin the installation process of the 0patch agent. Once the installation finishes itself, the micropatch will be applied automatically (if there is no custom patching enterprise policy in place blocking it). You won`t need to reboot your device.
Windows users can get free unofficial fix
The users of the following Windows versions can apply this free patch to block attacks using the CVE-2021-34484 bypass: