Windows Zero-Day Error Giving Administrative Privileges Gets Another Unofficial Patch

A zero-day Windows local privilege escalation vulnerability that Microsoft hasn’t fully fixed in several months allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server.

The locally exploited vulnerability in Windows User Profile Service is tracked as CVE-2021-34484 and has a CVSS v3 score of 7.8. While exploits have been made public in the past, they are not believed to be actively exploited in the wild.

What makes this case unusual is that Microsoft has been unable to fix the bug since its discovery last summer, yet has marked it as resolved twice.

According to the 0patch team, which has unofficially provided fixes for discontinued Windows versions and some vulnerabilities that Microsoft will not fix, the flaw is still a zero-day. In fact, Microsoft’s patches failed to fix the bug and broke the previous unofficial patch from 0patch.

The LPE that won’t stick

The elevation of privilege vulnerability in Windows User Profile Service, tracked as CVE-2021-34484, was discovered by security researcher Abdelhamid Naceri and disclosed to Microsoft, which fixed it as part of the August 2021 Patch Tuesday.

Shortly after the fix was released, Naceri noted that Microsoft’s patch was incomplete and presented a proof of concept (PoC) that bypassed it on all Windows versions.

CVE-2021-34484 exploit launching an elevated Command Prompt with SYSTEM privileges
Source: BleepingComputer

The 0patch team stepped in at that point and released an unofficial security update for all Windows versions and made it free to download for all registered users.

Microsoft also responded to this bypass with a second security update released with the January 2022 Patch Tuesday, assigning the bypass a new tracking ID, CVE-2022-21919, and marking it as fixed. However, Naceri found a way around that fix as well, noting that this attempt was worse than the first.

While testing their patch against the researcher’s second bypass, 0patch found that their patch on the “profext.dll” DLL still protected users from the new exploit method, keeping these systems safe.

However, Microsoft’s second fix attempt replaced the “profext.dll” file, which removed the unofficial fix from every system that applied the January 2022 Windows updates.

0patch has now ported the fix to work with the March 2022 Patch Tuesday updates and made it available for free to all registered users.

The Windows versions that can benefit from the new micro-patch are as follows:

Windows 10 v21H1 (32 & 64 bit) updated with March 2022 Updates
Windows 10 v20H2 (32 & 64 bit) updated with March 2022 Updates
Windows 10 v1909 (32 & 64 bit) updated with March 2022 Updates
Windows Server 2019 64 bit updated with March 2022 Updates

Note that Windows 10 1803, Windows 10 1809 and Windows 10 2004 are still protected by 0patch’s original patch, as these versions have reached the end of support and have not received the Microsoft update that replaced the DLL.

How to install the micro patch

The micro-patch will remain available as a free download to users of the above Windows versions as long as Microsoft has not released a full fix for the specific LPE issue and all of its bypasses.

For those interested in taking advantage of that offer, update your Windows 10 to the latest patch level (March 2022), create a free account in 0patch Central, and then install and register the 0patch Agent.

Doing so will initiate an automated micro-patching process, with no manual actions or reboots required for the micro-patch to take effect on your system.

Bleeping Computer has reached out to Microsoft to ask if it plans to revisit the specific bug and perhaps try to fix it in the future via a security update, but we haven’t received a response yet.



This post, “Windows Zero-Day Error Giving Administrative Privileges Gets Another Unofficial Patch”, was originally published at “https://www.bleepingcomputer.com/news/microsoft/windows-zero-day-flaw-giving-admin-rights-gets-unofficial-patch-again/”