October 29, 2021

A Windows zero-day privilege elevation vulnerability was recently uncovered after proof-of-concept (PoC) was released by security researcher Abdelhamid Naceri.

This unpatched vulnerability affects all versions of Windows including Windows 10, 11, and Windows Server 2022.

While the vulnerability may allow users to gain SYSTEM privileges under certain conditions, it however requires a threat actor to know another user’s username and password in a bid to trigger the vulnerability.

Microsoft originally released an update for a “Windows User Profile Service Elevation of Privilege Vulnerability” in August to fix the vulnerability discovered by Naceri as CVE-2021-34484. However, this was not enough, as Naceri discovered that he could work around it with a new exploit that could cause an elevated command prompt to be started with SYSTEM privileges while displaying the User Account Control (UAC) prompt for user accounts.

<span class=”s1″> </span>Naceri clarified, “Technically, in the previous report CVE-2021-34484. I described a bug where you can abuse the user profile service to create a second junction. But as I see from ZDI advisory and Microsoft patch, the bug was metered as an arbitrary directory deletion bug. Microsoft didn’t patch what was provided in the report but the impact of the PoC. Since the PoC I wrote before was horrible, it could only reproduce a directory deletion bug.”

For more information, read the original story in Bleeping Computer.