This nasty Windows 10 zero-day vulnerability finally has an unofficial fix
0patch steps up to help Windows once again
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A nasty zero-day Windows vulnerability thatMicrosoft’s has so far been unsuccessful atpatchinghas finally got an unofficial fix.
The CVE-2021-34484 (and later CVE-2022-21919), a 7.8 severity vulnerability allows elevation of privilege inWindows 10,Windows 11, and Windows Server, but has now been fixed by the 0patch team, and is available for download onthis linkfor all registered users.
The flaw was first discovered by security researcher Abdelhamid Naceri, who disclosed it to Microsoft in the summer of 2021, with the company issuing a fix as part of its August 2021 Patch Tuesday.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.
Click here to start the survey in a new window«
If it’s not broken, don’t try to fix it
However, Naceri soon discovered that the patch itself was flawed, and published a proof-of-concept that showcase how an attacker could still abuse the vulnerability. Where Microsoft failed, 0patch succeeded. However, when Microsoft realized the patch failed, it gave the vulnerability a new tracking ID (CVE-2022-21919) and pushed another fix.
This one, according to Naceri, was “worse than the first” as it removed the initial unofficial fix, putting everyone who had applied it, back in harm’s way.
Windows 11 22H2 Update ‘Sun Valley 2’: everything we know so far>This Windows Server update is causing a bunch of problems>How to fix a stuck Windows update
Now, 0patch has ported the fix, which now works with the March 2022 Patch Tuesday update. Same as with the previous one, this one is free for registered users, as well. Here’s the list of OS versions that can apply it:
Windows 10 v21H1 (32 & 64 bit) updated with March 2022 UpdatesWindows 10 v20H2 (32 & 64 bit) updated with March 2022 UpdatesWindows 10 v1909 (32 & 64 bit) updated with March 2022 UpdatesWindows Server 2019 64 bit updated with March 2022 Updates
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
0patch’s original patch still works on Windows 10 1803, Windows 10 1809, and Windows 10 2004.
There are no evidence of the flaws being abused in the wild withmalware, orviruses, the publication confirmed. The devices that reached end of life did not receive the update.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
I’ve been a Firefox power user since it launched 20 years ago – here’s why it still beats Chrome and Safari
