A ‘zeroday’ flaw in Windows 10, 11 and Windows Server offers malicious people the possibility of getting their hands on manager rights. The breach has been known for a few months already, but has not yet been closed despite two patches released previously. Note however that an unofficial patch solves the problem.
There is a flaw in Windows User Profile Service, identified as CVE-2021-34484. The breach was assigned a CVSS V3 score of 7.8. Bleeping Computer reports that the bug was discovered already last summer by researcher Abdelhamid Naceri. The latter informed Microsoft of this, after which the company released a patch in August 2021.
Soon after, Naceri realized, however, that the patch did not close the breach. Last January, Microsoft therefore released a second patch, but still insufficient, according to Naceri.
Unofficial patches
0patch, which releases unofficial patches (in this case for Windows versions that are no longer supported and for vulnerabilities not resolved by Microsoft), had already launched an unofficial update for Windows last November, with a view to solve the problem. This patch is now adapted to the updates released in March during Patch Tuesday. The update is available free of charge for registered users.
0patch’s solution is suitable for:
Windows 10 v21H1 (32 & 64 bit) with March 2022 updates
Windows 10 v20H2 (32 & 64 bit) with March 2022 updates
Windows 10 v1909 (32 & 64 bit) with March 2022 updates
Windows Server 2019 64-bit with March 2022 updates
In collaboration with Dutch IT-channel.
There is a flaw in Windows User Profile Service, identified as CVE-2021-34484. The breach was assigned a CVSS V3 score of 7.8. Bleeping Computer reports that the bug was discovered already last summer by researcher Abdelhamid Naceri. The latter informed Microsoft, after which the company released a patch in August 2021. Shortly after, however, Naceri realized that the patch did not close the breach. Last January, Microsoft therefore released a second patch, but still insufficient, according to Naceri.0patch, which releases unofficial patches (in this case for Windows versions that are no longer supported and for flaws not resolved by Microsoft) , had already launched last November an unofficial update for Windows, in order to solve the problem. This patch is now adapted to the updates released in March during Patch Tuesday. The update is available free of charge for registered users. In collaboration with Dutch IT-channel.