A security researcher recently disclosed technical details for a zero-day privilege elevation vulnerability in Windows, along with a public proof-of-concept (PoC) exploit that grants SYSTEM privileges under certain conditions.
As Cezarina explained, zero-day exploitation refers to a method used by attackers to infiltrate and deploy malware into a system.
A public proof-of-concept (PoC) exploit has been released, along with technical details, for an unpatched Windows zero-day privilege elevation vulnerability that allows users to gain SYSTEM privileges in certain circumstances.
Fortunately, to exploit the vulnerability, a threat actor must know another user’s username and password, so it is unlikely to be widely exploited.
This specific vulnerability affects all versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.
Microsoft has released a security update for a “Windows User Profile Service Elevation of Privilege Vulnerability”. The flaw is tracked as CVE-2021-34484 and was discovered by security researcher Abdelhamid Naceri.
CVE-2021-34484 bypass as 0day https://t.co/W0gnYHxJ6B
– Abdelhamid Naceri (@KLINIX5) October 22, 2021
As reported by BleepingComputer, after examining the patch, the researcher found that it was insufficient and that he could bypass it with a new exploit, which he published on GitHub.
“Technically, in the previous report CVE-2021-34484. I described a bug where you could abuse the user profile service to create a second junction.
“But as I see from Microsoft’s ZDI advisory and patch, the bug was measured as an arbitrary directory deletion bug.
“Microsoft did not patch what was provided in the report but the impact of the PoC. Because the PoC I wrote earlier was terrible, it could only reproduce a directory deletion bug.”
Because Microsoft addressed only the symptom described in his bug report and not the root cause, Naceri claims he can update his exploit to set up a junction elsewhere and still obtain elevated privileges.
The exploit launches an elevated command prompt with SYSTEM privileges while the User Account Control (UAC) prompt is displayed.
This flaw will not be as widely exploited as other privilege elevation vulnerabilities we have seen recently, because it requires a threat actor to know another user’s username and password.
Definitely still a problem. And there may be scenarios where it can be abused. But the 2 accounts requirement probably puts it in the boat of not being something that will have widespread use in the wild.