AL2021_52 Unpatched Unauthorised File Read Vulnerability Affects Microsoft Windows OS (1st December 2021)

Unofficial fixes have been released to fix a Windows security vulnerability that could allow information leaking and local privilege escalation (LPE) on susceptible systems.

Summary

The weakness, labelled CVE-2021-24084 (CVSS: 5.5), affects the Windows Mobile Device Management component and involves an information disclosure flaw that could allow an attacker to access unauthorized file system access and read arbitrary files.

How it works

Abdelhamid Naceri, a security researcher, was credited with discovering and disclosing the flaw in October 2020, prompting Microsoft to fix it in February 2021 Patch Tuesday releases.

However, in June 2021, Naceri discovered that not only could the patch be bypassed to achieve the same goal but the incompletely fixed vulnerability could also be exploited to get administrator access and launch malicious code on Windows 10 devices running the latest security updates.

" HiveNightmare/SeriousSAM has taught everyone about how arbitrary file exposure can be enhanced to local privilege escalation if you know which files to take and what to do with them," 0patch co-founder Mitja Kolsek stated last week in a blog post.

However, the vulnerability may only be used to gain privilege escalation under certain conditions, such as when the system protection feature on C: Drive is activated and at least one local administrator account is set up on the computer.

The issue does not affect Windows Servers or devices running Windows 1, but it does affect the following versions of Windows 10:

November 2021 Updates for Windows 10 v21H1 (32 and 64 bit) November 2021 Updates for Windows 10 v20H2 (32 and 64 bit)

November 2021 Updates for Windows 10 v2004 (32 and 64 bit) November 2021 Updates for Windows 10 v1909 (32 and 64 bit) November 2021 Updates for Windows 10 v1903 (32 and 64 bit) May 2021 Updates for Windows 10 v1809 (32 & 64 bit)

CVE-2021-24084 is also the third zero-day Windows vulnerability to resurface because of an insufficient Microsoft fix. Earlier this month, 0patch released unofficial remedies for a Windows User Profile Service local privilege escalation vulnerability (CVE-2021-34484) that allows attackers to gain SYSTEM capabilities.

Last week, Naceri revealed details of another zero-day vulnerability in the Microsoft Windows Installer service (CVE-2021-41379) that may be exploited to gain elevated privileges on machines running the most recent Windows versions, including Windows 10, Windows 11, and Windows Server 2022.

Remediation

At this moment there is no fixed patch to remedy this new vulnerability. However, Windows users should implement the following security measures below.

  • Install an antivirus on your workstation along with keeping it updated.

  • Install a firewall on your network and have it configured to suit the network

    operations.

  • Keep windows Operating Software updated to the latest version.

  • Only use legit software.

    The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
    PDF Download: Unpatched Unauthorised File Read Vulnerability Affects Microsoft Windows OS.pdf

    References