A security researcher discovered that a patch Microsoft pushed for a 0-day vulnerability affecting all still-supported Windows versions did not fix the underlying problem, only the specific proof of concept for that vulnerability. He promptly released a bypass.
0-day vulnerabilities are not rare, and both companies and researchers find them often. They are usually patched quickly, but the patches themselves are not always up to par. It is also worth noting that not all 0-day vulnerabilities pose the same danger, as some require special conditions to work.
The security problem, tracked as CVE-2021-34484, was a “Windows User Profile Service Elevation of Privilege Vulnerability,” and Microsoft patched it. Researcher Abdelhamid Naceri, who originally identified the vulnerability, noticed that the patch only covered the original proof of concept.
“Microsoft didn’t patch what was provided in the report but the impact of the PoC. Since the PoC I wrote before was horrible, it could only reproduce a directory deletion bug,” said the researcher. “As from the Quick patch analysis, they didn’t do any major changes to the code.”
Naceri went on to explain that bypassing the patch was trivial and provided the community with a new proof of concept showing that the same result is still easy to achieve. The proof of concept was tested on Windows 11 with the October 2021 patch, but in theory it should work on all other still-supported Windows versions.
The small bit of good news is that an attacker using this exploit would need direct access to the system and would need to know another user’s username and password. It does not have the same damage potential as other existing privilege-escalation exploits, but it is still a problem that Microsoft needs to fix.