
Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS


ThumperTM
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems.

Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.

Security researcher Abdelhamid Naceri was credited with discovering and reporting the bug in October 2020, prompting Microsoft to address the issue as part of its February 2021 Patch Tuesday updates.

But as observed by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month found that the incompletely patched vulnerability could also be exploited to gain administrator privileges and run malicious code on Windows 10 machines running the latest security updates.

"Namely, as HiveNightmare/SeriousSAM has taught us, an arbitrary file disclosure can be upgraded to local privilege escalation if you know which files to take and what to do with them," 0patch co-founder Mitja Kolsek said in a post last week.

However, it's worth noting that the vulnerability can be exploited to accomplish privilege escalation only under specific circumstances, namely when the system protection feature is enabled on C: Drive and at least one local administrator account is set up on the computer.

Neither Windows Servers nor systems running Windows 11 are affected by the vulnerability, but the following Windows 10 versions are impacted —

  • Windows 10 v21H1 (32 & 64 bit) updated with November 2021 Updates
  • Windows 10 v20H2 (32 & 64 bit) updated with November 2021 Updates
  • Windows 10 v2004 (32 & 64 bit) updated with November 2021 Updates
  • Windows 10 v1909 (32 & 64 bit) updated with November 2021 Updates
  • Windows 10 v1903 (32 & 64 bit) updated with November 2021 Updates
  • Windows 10 v1809 (32 & 64 bit) updated with May 2021 Updates

CVE-2021-24084 is also the third zero-day Windows vulnerability to rear its head again as a consequence of an incomplete patch issued by Microsoft. Earlier this month, 0patch shipped unofficial fixes for a local privilege escalation vulnerability (CVE-2021-34484) in the Windows User Profile Service that enables attackers to gain SYSTEM privileges.

Then last week, Naceri disclosed details of another zero-day flaw in the Microsoft Windows Installer service (CVE-2021-41379) that could be bypassed to achieve elevated privileges on devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.

Source: TheHackerNews
 
Really this just underscores the need for some well planned security outside the Microsoft umbrella.
A good firewall, some decent browser filters and some common sense when reading emails goes a long way for the individual user.
Corporate stuff is an entirely different matter, which is why everyone is moving to cloud-based environments. SaaS, DaaS and the like create a virtual environment that's far more secure. Yes, company files are still vulnerable, but multiple redundancies keep them relatively safe from exploitation.
That's what I am seeing on a day to day basis at my job.
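The article says the file read only becomes a privilege escalation when two conditions hold: System Protection is enabled on C: and at least one local administrator account exists. The script below is an added triage check for those preconditions, plus a test for whether the host is one of the Windows 10 releases listed above; it is not code from the article, from 0patch or from the researcher. The release-to-build mapping, the use of the RPSessionInterval registry value as the "System Protection enabled" signal, and the shadow-copy check via vssadmin are my assumptions, and the script does not tell you whether a micropatch or a later Microsoft fix is installed.

```powershell
# Added triage script for the CVE-2021-24084 LPE preconditions described in the article.
# Not from the article, 0patch or the researcher. Run from an elevated PowerShell prompt
# (vssadmin needs it). Registry value names and the build mapping are assumptions.

# Windows 10 release -> OS build. Assumed mapping, not taken from the page.
$AffectedBuilds = @{
    '1809' = 17763; '1903' = 18362; '1909' = 18363
    '2004' = 19041; '20H2' = 19042; '21H1' = 19043
}

function Test-AffectedRelease {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # ProductType 1 = workstation; the article says Windows Server is not affected.
    if ($os.ProductType -ne 1) { return $false }
    $build = [int]$os.BuildNumber
    # Windows 11 (build 22000+) is excluded by the article as well.
    return ($AffectedBuilds.Values -contains $build)
}

function Test-SystemProtectionOnC {
    # Assumption: RPSessionInterval is 0 when System Protection is off and is set
    # to 1 by Enable-ComputerRestore. Treat a missing value as "not enabled".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $interval = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RPSessionInterval
    $srOn = ($null -ne $interval) -and ([int]$interval -ne 0)

    # Second signal: existing shadow copies of C:, which is what a HiveNightmare-style
    # read of SAM/SYSTEM would target. Requires an elevated prompt.
    $shadows = & vssadmin.exe list shadows /for=C: 2>$null
    $hasShadow = [bool]($shadows | Select-String -Pattern 'Shadow Copy ID' -Quiet)

    return [pscustomobject]@{ Enabled = $srOn; ShadowCopies = $hasShadow }
}

function Get-EnabledLocalAdmins {
    # Only local user accounts count for the article's precondition; domain and
    # Microsoft-account members of Administrators are filtered out.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { Get-LocalUser -SID $_.SID } |
        Where-Object { $_.Enabled }
}

$release = Test-AffectedRelease
$sr      = Test-SystemProtectionOnC
$admins  = @(Get-EnabledLocalAdmins)

[pscustomobject]@{
    AffectedWindows10Release = $release
    SystemProtectionOnC      = $sr.Enabled
    ShadowCopiesOfC          = $sr.ShadowCopies
    EnabledLocalAdmins       = ($admins.Name -join ', ')
    LpePreconditionsMet      = ($release -and $sr.Enabled -and $admins.Count -gt 0)
} | Format-List
```

LpePreconditionsMet being true means the host matches the article's description of an exploitable configuration; it says nothing about whether the file-read bug itself is still present, so treat the output as a prioritisation aid for where to apply the micropatch or verify a later fix, not as a vulnerability scan.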
 