• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2021-34484- A New Zero-Day Local Privilege Escalation Vulnerability In Microsoft Windows?
How to Fix CVE-2021-34484

Security researchers have identified a new zero-day Local Privilege Escalation vulnerability (CVE-2021-34484) in all Microsoft Windows operating system versions. The vulnerability is being tracked as CVE-2021-34484, which is a partially patched bug in Windows operating system. Since the zero-day Local Privilege Escalation vulnerability affects all new versions of Windows, it is required to know how to fix CVE-2021-34484, a new zero-day Local Privilege Escalation vulnerability.

About CVE-2021-34484- A Zero-Day LPE Vulnerability In Windows

Microsoft considered the vulnerability as an arbitrary directory-deletion issue and released security patches as part of its August’s months updates. Microsoft concluded the vulnerability was considered a low priority as the attacks needed someone to log in locally into the machine to exploit it.

Later, security researcher Abdelhamid Naceri disclosed that attackers could leverage the same vulnerability to carry out the privilege escalation attacks. In addition to this, Abdelhamid Naceri also found a bypass for the original patch that could be abused to elevate privileges to gain SYSTEM privileges on the target machine. This made this CVE-2021-34484 vulnerability is considered a zero-day.

The best part is, this vulnerability is most likely not widely abused as other local privilege escalation vulnerabilities like PrintNightmare.

What Opatch Said About The CVE-2021-34484 Vulnerability?

As per the report published by Opatch, “The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason. Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”

Published by Opatch.

“The crux of the attack is in quickly creating a symbolic link in the temporary user profile folder (C:\Users\TEMP) so that when the User Profile Service copies a folder from user’s original profile folder, it will end up creating a folder somewhere else – where the attacker would normally not have permissions to create one.”

Published by Opatch.

Proof Of Concept- CVE-2021-34484

Opatch has released a video PoC clip that shows the exploitation in live.

Published by Opatch

Version Affected By The CVE-2021-34484 Vulnerability

The CVE-2021-34484 vulnerability affects every server and desktop edition including 11 and server 2022.

How To Fix CVE-2021-34484- A Zero-Day Local Privilege Escalation Vulnerability In Windows?

We are not sure when Microsoft will release patch for the Local Privilege Escalation vulnerability. However, Opatch has released a free unofficial micropatch to address this issue. We recommend installing this patch until Microsoft release the official fix for the issue.
Opatch has released the patch for these Windows versions:

  1. Windows 10 v21H1 (32 & 64 bit) updated with October or November 2021 Updates
  2. Windows 10 v20H2 (32 & 64 bit) updated with October or November 2021 Updates
  3. Windows 10 v2004 (32 & 64 bit) updated with October or November 2021 Updates
  4. Windows 10 v1909 (32 & 64 bit) updated with October or November 2021 Updates
  5. Windows Server 2019 64 bit updated with October or November 2021 Updates

Time needed: 5 minutes.

How to Fix CVE-2021-34484- A Zero-Day LPE Vulnerability in Windows?

  1. Create a free account in Opatch

    Visit Optch and login if you have an account created or register using an email ID.

    Note: It’s a free registration.

    https://central.0patch.com/auth/login


    Login to Opatch for free

  2. Download free Opatch agent

    Download the Opatch agent from here: https://0patch.com/

    Download free Opatch agent

  3. Execute the Opatch agent

    You do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.

    Install Opatch agent

  4. Accept License agreement

    Opatch agent- Accept License agreement

  5. Select installation folder

    Choose the installation path. If not keep the default.

    Opatch agent- Seclect installation path

  6. Confirm installation

    Opatch agent- Confirm installation

  7. Finish Opatch agent installation

    Finish Opatch agent installation

  8. Sign into Opatch agent

    Sign into Opatch agent

  9. Opatch dashboard

    You will start seeing the number of available updates on the dashboard upon signing in to the agent.

    Opatch dashboard

  10. Patch applied for the CVE-2021-34484 Vulnerability

    Click on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for the CVE-2021-34484 Vulnerability.

    How to Fix CVE-2021-34484

We hope this post will help you in knowing how to fix CVE-2021-34484, a new zero-day Local Privilege Escalation vulnerability. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.