[German]There is an unpatched Local Privilege Escalation vulnerability (CVE-2021-24084) in Windows Mobile Device Management Service. The vulnerability has been known since 2020, but has not yet been patched by Microsoft. ACROS Security has therefore developed a free 0patch solution to mitigate this vulnerability.
The LPE vulnerability (CVE-2021-24084).
In June 2021, security researcher Abdelhamid Naceri published a blog post about an unpatched vulnerability in Windows that allows Information Disclosure. This flaw was first identified and reported to the Zero Day Initiative program in October 2020. The latter reported the flaw to Microsoft on October 27, 2020. The flaw was confirmed and a security advisory was published as CVE-2021-24084.
However, in November 2921, Abdelhamid pointed out that this unpatched bug may actually be a vulnerability that leads to local privilege escalation. Thus, an attacker could locally exploit the LPE vulnerability to gain administrator privileges.
The 0Patch solution for CVE-2021-24084
The team at ACROS Security, which has been providing the 0Patch solution for years, analyzed the LPE vulnerability CVE-2021-24084 and provided a micropatch to render the vulnerability harmless. Mitja Kolsek drew attention to this free solution via Twitter.
The destails are described in this blog post from 0patch, dated on November 26, 2021. The 0patch micropatches are available for free for the following products:
- Windows 10 v21H1 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v20H2 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v2004 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v1909 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v1903 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v1809 (32 & 64 bit) updated with May 2021 Updates
For notes on how the 0patch agent works, which loads micropatches into memory at an application's runtime, see blog posts (such as here).
Similar articles
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
0Patch provides support for Windows 10 version 1809 after EOL
Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)
0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service