There are free unofficial fixes for a local privilege escalation vulnerability found in the Mobile Device Management Service, specifically in the Access work or school functionality. The issue affects devices that are running Windows 10, version 1809 (and later).
The bug is related to the ability to bypass the information disclosure error patch ( CVE-2021-24084 ) released by Microsoft engineers in February this year. This month, cybersecurity researcher Abdelhamid Naceri, who initially discovered the problem, noticed that the vulnerability was not fully fixed and could be used to gain administrator rights.
“As we learn from HiveNightmare and SeriousSAM, arbitrary file expansion can be improved to local privilege escalation if you know which files to take and what to do with them,” explains 0patch co-founder Mitya Kolsek. “We confirm that by using the method described in the blog of researcher Raj Chandel, combined with the bug found by Abdelhamid, it is possible to be able to run code as a local administrator.”
While Microsoft has likely already taken notice of the researchers’ reports, the company has yet to fix the bug, meaning systems running Windows 10 (even with the latest security updates from November 2021) are still vulnerable to attacks.
Fortunately, there are two specific conditions that need to be met to carry out an attack. First, system protection must be enabled on drive C and at least one restore point created. Second, at least one local administrator account must be activated on the computer, or the credentials of at least one member of the Administrators group must be cached.
While Microsoft prepares patches, 0patch has already released unofficial free updates for all vulnerable versions of Windows 10 (Windows 10 21H2 is also affected, but not yet supported by 0patch). Let me remind you that 0patch is a platform designed just for such situations, that is, fixing 0-day and other unpatched vulnerabilities, to support products that are no longer supported by manufacturers, custom software, and so on.
The fixes are already available and apply to the following Windows versions:
- Windows 10 v21H1 (32-bit and 64-bit) with the November 2021 Update
- Windows 10 v20H2 (32-bit and 64-bit) with the November 2021 Update
- Windows 10 v2004 (32-bit and 64-bit) with the November 2021 Update
- Windows 10 v1909 (32-bit and 64-bit) with the November 2021 Update
- Windows 10 v1903 (32-bit and 64-bit) with the November 2021 Update
- Windows 10 v1809 (32-bit and 64-bit) with May 2021 Update.
Experts note that the bug does not affect Windows Servers (since the problematic functions of Access work or school are simply not there), and the bug does not apply to Windows 10 version 1803 and earlier versions. The point is that Access work or school works differently there.
Catch up on more stories here
Follow us on Facebook here