- You might not remember CVE-2021-34484, but Microsoft said it was fixed.
- Nothing could be further from the truth, since it has only just been straightened out.
- An unofficial patch was the solution to this known Windows 10 vulnerability.
- Check out what versions of Windows 10 really got the fix for CVE-2021-34484.
As many of you may know, some bugs that Microsoft declared as fixed are still being actively exploited and are yet to be completely eliminated.
That being said, the bug we are talking about right now is actually a local privilege escalation (LPE) flaw inside the Windows User Profile service.
Microsoft first acknowledged this vulnerability under the ID CVE-2021-34484, and it received a CVSS v3 score of 7.8. It was supposedly patched through the August 2021 Patch Tuesday update.
CVE-2021-34484 finally got fixed
Security researcher Abdelhamid Naceri, who first dug up this vulnerability back in 2021, was able to bypass the Microsoft-provided security patch.
Microsoft issued its next fix via the January 2022 Patch Tuesday, but Naceri was once again able to get around it on all Windows versions except Server 2016.
0patch, which often issues unofficial micropatches for various security bugs, found that systems protected by its micropatch were not exploitable by this threat.
0patch's micropatch for the profext.dll file was able to fix the issue. However, Microsoft seemingly modified this DLL file and nullified the patch, making users’ systems vulnerable again.
CVE-2021-34484 is again a 0day on supported Windows versions. Affected Windows computers whose official support had already ended (Windows 10 v1803, v1809, and v2004) and that have 0patch did not have this vulnerability reopened.
The security team at 0patch ported their micropatch to the latest profext.dll on the following Windows versions:
- Windows 10 v21H1 (32 & 64 bit) updated with March 2022 Updates
- Windows 10 v20H2 (32 & 64 bit) updated with March 2022 Updates
- Windows 10 v1909 (32 & 64 bit) updated with March 2022 Updates
- Windows Server 2019 64 bit updated with March 2022 Updates
The above-mentioned patch can be found on their blog, but keep in mind that this is an unofficial workaround.