There is a new patch for Windows 10, but it is not from Microsoft

by Don Sharpe
Don Sharpe
Don Sharpe
Author
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • An unofficial bug patch for Windows 10 is in circulation.
  • The bug was first reported in October 2020, and researchers speculated that it could take the form of a local privilege vulnerability.
  • Microsoft is yet to fix the bug hence the unofficial release of the patch.

Bugs are common, and Microsoft usually addresses such in their Patch Tuesday. Still, it seems this particular bug has been unaddressed for a while, such that cybersecurity researchers felt the need to release one.

Originally discovered in 2020, the bug had the potential to take the form of a local privilege vulnerability, but it has been overlooked since then.

Mitja Kolsek, the founder of the 0patch micro patching service, also ignored the vulnerability since it wasn’t critical enough at the time.

Escalation

Currently tracked as CVE-2021-24084, Kolsek details that on a fixed Windows privilege escalation vulnerability tracked as CVE 2021-36934. Under specific conditions, it can have an arbitrary file disclosure and be upgraded for local privilege escalation.

Bug upgrade

Back in November, when the bug was still unpatched, Abdelhamid pointed out in his Twitter that it could be a local privilege escalation vulnerability rather than an information disclosure issue.

Kolsek later confirmed this by using a procedure outlined in a blog post by Raj Chandel and explains why the need arose to patch the bug.

Although the patch is unofficial, it will work on all affected versions of Windows 10. What’s even better is that it will be free of charge until such time that Microsoft releases the official fix.

Have you encountered the nasty bug, and will you be using the unofficial patch? Let us know in the comment section below.