There is a new patch for Windows 10, but it is not from Microsoft

Reading time icon 2 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • An unofficial bug patch for Windows 10 is in circulation.
  • The bug was first reported in October 2020, and researchers speculated that it could take the form of a local privilege vulnerability.
  • Microsoft is yet to fix the bug hence the unofficial release of the patch.
XINSTALL BY CLICKING THE DOWNLOAD FILE
A message from our partner

To fix Windows PC system issues, you will need a dedicated tool

  • Download Fortect and install it on your PC
  • Start the tool's scanning process to look for corrupt files that are the source of your problem
  • Right-click on Start Repair so the tool could start the fixing algorythm
Download from Fortect.com Fortect has been downloaded by 0 readers this month, rated 4.4 on TrustPilot

Bugs are common, and Microsoft usually addresses such in their Patch Tuesday. Still, it seems this particular bug has been unaddressed for a while, such that cybersecurity researchers felt the need to release one.

Originally discovered in 2020, the bug had the potential to take the form of a local privilege vulnerability, but it has been overlooked since then.

Mitja Kolsek, the founder of the 0patch micro patching service, also ignored the vulnerability since it wasn’t critical enough at the time.

Escalation

Currently tracked as CVE-2021-24084, Kolsek details that on a fixed Windows privilege escalation vulnerability tracked as CVE 2021-36934. Under specific conditions, it can have an arbitrary file disclosure and be upgraded for local privilege escalation.

Bug upgrade

Back in November, when the bug was still unpatched, Abdelhamid pointed out in his Twitter that it could be a local privilege escalation vulnerability rather than an information disclosure issue.

Kolsek later confirmed this by using a procedure outlined in a blog post by Raj Chandel and explains why the need arose to patch the bug.

Although the patch is unofficial, it will work on all affected versions of Windows 10. What’s even better is that it will be free of charge until such time that Microsoft releases the official fix.

Have you encountered the nasty bug, and will you be using the unofficial patch? Let us know in the comment section below.