Unpatched bug in Windows also appears to be local privilege escalation

A security researcher has released details about a vulnerability in Windows that could allow local privilege escalation. That was passed on to Microsoft, but now turns out to be more serious than thought. An unofficial patch is available.

The bug is known as CVE-2021-24084. It was discovered by security researcher Abdelhamid Naceri, who published details about it in June. Initially, it appeared to be a bug that allowed attackers to read files they did not have rights to. Naceri published the details because the leak was relatively harmless, but also after he received no response from Microsoft that promised to fix the leak.

Now security researchers say the vulnerability is more serious than thought. Researchers from 0patch describe in a blog post that the bug allows not only to read files, but also to grant read and write permissions on a computer via the same vulnerability. This can be done in combination with CVE-2021-36934, an LPE vulnerability in the Registry also known as HiveNightmare. An attacker who has access to the bug to read certain files can also exploit that bug to gain admin rights on a system.

0patch has posted details about the vulnerability online. The company has not informed Microsoft, because Abdelhamid Naceri already did so earlier this year. However, 0patch has released its own, unofficial micropatch that should fix the problem. It is available for Windows 10 versions 21H1, 20H2, 2004, 1909, 1903 and 1809. Windows 10 1803 and older are not affected.