Nasty Windows 10 vulnerability gets a patch, but not from Microsoft

Bug is more dangerous than initially thought, says researcher who found the vulnerability


Cybersecurity researchers have released an unofficial patch for a bug in Windows 10, originally reported to Microsoft in October 2020, which later research revealed could also be exploited as a local privilege escalation vulnerability.

Issuing the free micropatch, Mitja Kolsek, co-founder of the 0patch micropatching service, explains that it too overlooked the vulnerability initially since it was disclosed as an information disclosure bug, which normally isn’t critical enough to warrant attention from 0patch.

The vulnerability, tracked as CVE-2021-24084, was discovered by security researcher Abdelhamid Naceri, who blogged about it in June 2021, detailing its working and noting how it hadn’t yet been fixed by Microsoft.


An upgraded bug


Kolsek points to a previously fixed Windows privilege escalation vulnerability, tracked as CVE-2021-36934, to suggest that under certain specific conditions, an arbitrary file disclosure can be upgraded and abused for local privilege escalation.

“In November, however, Abdelhamid pointed out that this - still unpatched - bug may not be just an information disclosure issue, but a local privilege escalation vulnerability…. We confirmed this by using the procedure described in this blog post by Raj Chandel in conjunction with Abdelhamid’s bug - and being able to run code as local administrator,” writes Kolsek, explaining the need to patch the bug.

The unofficial micropatch will work on all affected Windows 10 versions and, as is usual, will be available for free until Microsoft releases an official fix for the issue.


With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
