A local privilege escalation vulnerability in Windows, which Microsoft has been unable to fully fix for several months, has received an unofficial patch. Exploiting the issue allows users to gain administrator privileges in Windows 10, Windows 11, and Windows Server.
The locally exploitable vulnerability in the Windows User Profile Service (CVE-2021-34484) has a CVSS v3 score of 7.8. What makes this case unusual is that Microsoft has not been able to fix the vulnerability since it was discovered last summer, although it has marked the bug as fixed twice.
According to the 0patch team, which unofficially provides fixes for outdated versions of Windows and for some vulnerabilities, the problem remains unfixed. Microsoft's patches not only failed to fix the bug, but also disabled the unofficial fix from 0patch.
The vulnerability was discovered by cybersecurity researcher Abdelhamid Naceri. The tech giant fixed the problem during the August 2021 Patch Tuesday. Shortly after, Naceri noticed that the Microsoft patch did not completely solve the problem, and published PoC code that bypasses the patch on all versions of Windows.
After Naceri's publication, the 0patch team released an unofficial security update for all versions of Windows.
Microsoft responded to Naceri's PoC code with a second security update, released during the January 2022 Patch Tuesday, assigning a new identifier (CVE-2022-21919) and marking the issue as fixed. However, Naceri found a way around this patch, noting that the situation had become even worse.
As it turned out, the original 0patch fix for the profext.dll library still protected users from the new method of exploitation, allowing systems to remain safe. However, Microsoft's second fix attempt replaced the profext.dll file, which removed the unofficial fix for everyone who applied the January 2022 Windows updates.
The 0patch team has updated its patch to work with Microsoft's March 2022 security updates. Windows 10 versions 1803, 1809 and 2004 are still protected by the original 0patch patch, as support for these versions has ended and they have not received the Microsoft updates that replace the DLL.