A New Zero-day Vulnerability Is Impacting All Windows Versions
A New LPE Zero-day Vulnerability Was Recently Discovered.
A security researcher recently revealed technical details for a zero-day privilege elevation vulnerability in Windows and also a public proof-of-concept (PoC) exploit that provides SYSTEM access under certain settings.
As explained by Cezarina, a zero-day exploit refers to the method used by attackers to infiltrate and deploy the malware into a system.
A public proof-of-concept (PoC) attack has been released, along with technical details, for an unpatched Windows zero-day privilege elevation vulnerability that allows users to gain SYSTEM access under certain circumstances.
Fortunately, it seems that in order to exploit the vulnerability take a threat actor must know another person’s user name and password, therefore it is unlikely to be extensively exploited.
This specific vulnerability affects all versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.
A bypass was released to patched vulnerability Microsoft released a security update for a “Windows User Profile Service Elevation of Privilege Vulnerability”. The flaw is tracked as CVE-2021-34484 and it was discovered by security researcher Abdelhamid Naceri.
CVE-2021-34484 bypass as 0dayhttps://t.co/W0gnYHxJ6B
— Abdelhamid Naceri (@KLINIX5) October 22, 2021
As reported by BleepingComputer, after examining the patch, the researcher discovered that it was not sufficient and that he was able to bypass it with a new exploit that he published on GitHub.
Technically, in the previous report CVE-2021-34484. I described a bug where you can abuse the user profile service to create a second junction.
But as I see from ZDI advisory and Microsoft patch, the bug was metered as an arbitrary directory deletion bug.
Microsoft didn’t patch what was provided in the report but the impact of the PoC. Since the PoC I wrote before was horrible, it could only reproduce a directory deletion bug.
Because they simply addressed the symptom of his bug report rather than the root cause, Naceri claims he could update his exploit to establish a junction somewhere else and still gain privilege elevation.
While the User Account Control (UAC) prompt is shown, this exploit will start an elevated command prompt with SYSTEM rights.
This flaw will not be as widely exploited as other privilege elevation vulnerabilities we’ve seen lately as it needs a threat actor to know the user name and password for another user.
Definitely still a problem. And there may be scenarios where it can be abused. But the 2 account requirement probably puts it in the boat of NOT being something that will have widespread use in the wild.