A new Windows zero-day elevation of privilege vulnerability has emerged, with a public proof-of-concept (PoC) exploit that grants SYSTEM privileges under certain conditions. The one mitigating factor for now is that the exploit requires a malicious actor to know another user’s username and password to trigger the vulnerability, so it likely won’t be widely used in attacks. However, it affects all versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.

In August, Microsoft released a security update for a “Windows User Profile Service elevation of privilege vulnerability” identified as CVE-2021-34484. After reviewing the fix, a researcher found that it was not sufficient and was able to bypass it with a new exploit that he posted on GitHub.

Still a problem. And there may be scenarios where it can be abused. But the 2-account requirement probably puts it in the boat of NOT being something that will be widely used in the wild.

Researcher's Note

“Microsoft did not fix what was provided in the report but the impact of the PoC. As the PoC I wrote before was horrible, it could only reproduce a directory deletion bug.”

The researcher notes that since Microsoft fixed only the symptom described in the bug report and not the actual cause, the exploit could be revised to junction somewhere else and still gain elevation of privilege.

This exploit will cause an elevated command prompt with SYSTEM privileges to be launched while the User Account Control (UAC) prompt is displayed.

As this bug requires a malicious actor to know another user’s username and password, it will not be abused as much as other elevation of privilege vulnerabilities we’ve seen recently, such as PrintNightmare.