Security researchers have identified a new zero-day Local Privilege Escalation vulnerability (CVE-2021-34484) in all Microsoft Windows operating system versions. The vulnerability is being tracked as CVE-2021-34484, which is a partially patched bug in Windows operating system. Since the zero-day Local Privilege Escalation vulnerability affects all new versions of Windows, it is required to know how to fix CVE-2021-34484, a new zero-day Local Privilege Escalation vulnerability.
About CVE-2021-34484- A Zero-Day LPE Vulnerability In Windows
Microsoft considered the vulnerability as an arbitrary directory-deletion issue and released security patches as part of its August’s months updates. Microsoft concluded the vulnerability was considered a low priority as the attacks needed someone to log in locally into the machine to exploit it.
Later, security researcher Abdelhamid Naceri disclosed that attackers could leverage the same vulnerability to carry out the privilege escalation attacks. In addition to this, Abdelhamid Naceri also found a bypass for the original patch that could be abused to elevate privileges to gain SYSTEM privileges on the target machine. This made this CVE-2021-34484 vulnerability is considered a zero-day.
The best part is, this vulnerability is most likely not widely abused as other local privilege escalation vulnerabilities like PrintNightmare.
What Opatch Said About The CVE-2021-34484 Vulnerability?
As per the report published by Opatch, “The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason. Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”Published by Opatch.
“The crux of the attack is in quickly creating a symbolic link in the temporary user profile folder (C:UsersTEMP) so that when the User Profile Service copies a folder from user’s original profile folder, it will end up creating a folder somewhere else – where the attacker would normally not have permissions to create one.”Published by Opatch.
Proof Of Concept- CVE-2021-34484
Version Affected By The CVE-2021-34484 Vulnerability
The CVE-2021-34484 vulnerability affects every server and desktop edition including 11 and server 2022.
How To Fix CVE-2021-34484- A Zero-Day Local Privilege Escalation Vulnerability In Windows?
We are not sure when Microsoft will release patch for the Local Privilege Escalation vulnerability. However, Opatch has released a free unofficial micropatch to address this issue. We recommend installing this patch until Microsoft release the official fix for the issue.
Opatch has released the patch for these Windows versions:
- Windows 10 v21H1 (32 & 64 bit) updated with October or November 2021 Updates
- Windows 10 v20H2 (32 & 64 bit) updated with October or November 2021 Updates
- Windows 10 v2004 (32 & 64 bit) updated with October or November 2021 Updates
- Windows 10 v1909 (32 & 64 bit) updated with October or November 2021 Updates
- Windows Server 2019 64 bit updated with October or November 2021 Updates
New Updates [22-Mar-2022]:
In short, the CVE-2021-34484 vulnerability is again a 0-day. Microsoft is yet to acknowledge. however, Opatch has responded to this and said that their micropatch is made free once again until there is a fix from Microsoft. We recommend deploying Opatch on your Windows machines and be protected from the flaw.
Time needed: 5 minutes.
How to Fix CVE-2021-34484- A Zero-Day LPE Vulnerability in Windows?
- Create a free account in OpatchVisit Optch and login if you have an account created or register using an email ID.
Note: It’s a free registration.
- Download free Opatch agentDownload the Opatch agent from here: https://0patch.com/
- Execute the Opatch agentYou do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.
- Accept License agreement
- Select installation folderChoose the installation path. If not keep the default.
- Confirm installation
- Finish Opatch agent installation
- Sign into Opatch agent
- Opatch dashboardYou will start seeing the number of available updates on the dashboard upon signing in to the agent.
- Patch applied for the CVE-2021-34484 VulnerabilityClick on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for the CVE-2021-34484 Vulnerability.