Microsoft failed to fix a local privilege escalation zero-day vulnerability dubbed as CVE-2021-34484 and that’s where a third-party platform 0patch has come to the rescue, the second time around. The vulnerability allowed attackers with administrator privileges on the affected system.
Fixing the vulnerability with a micropatch
This is the second time 0patch has come to the rescue after the first unofficial fix was destroyed when Microsoft tried to fix the vulnerability with an update.
The latest patch works on March 2022 editions on Windows 10v21H1, v20H2, v1909, as well as Windows Server 2019. It also works on Windows versions that are no longer officially supported such as Windows 10 v1809, v1083, and v2004.
The whole CVE-2021-34484 debacle
According to the whole debacle, the vulnerability dubbed as CVE-2021-34484 was first discovered by Abdelhamid Naceri in August 2021. It affected Windows 10 and 11 as well s Windows Server. Microsoft rolled out an update to fix the same with August 2021 Patch Tuesday, however, there was a way around that attackers could use.
0patch released its first unofficial fix towards CVE-2021-34484 local privilege escalation zero-day vulnerability in November only to see it get destroyed after the Redmond-based giant destroyed it with a January 2022 Patch Tuesday update trying to fix the issue at the first time which didn’t work.
Cut to now, 0patch is back with a new and second patch towards the CVE-2021-34484 vulnerability. Users who can install the micro patch will have to download the March 2022 patch on 0patch’s website after registering on the same.
Follow the onscreen instructions and you should be able to fix the vulnerability that can put your security and privacy at risk.