CVE-2021-24084 is an improperly patched Windows security vulnerability that could lead to information disclosure and local privilege escalation. The flaw is located in the Windows Mobile Device Management component and could grant unauthorized filesystem access, allowing an attacker to read arbitrary files.
Another Improperly Patched Windows 10 Bug: CVE-2021-24084
The vulnerability was discovered by researcher Abdelhamid Naceri, who reported it to Microsoft in October 2020. The company addressed the bug in the February 2021 Patch Tuesday.
However, in June 2021 Naceri noticed that the patch issued by Microsoft could be bypassed. Later, he discovered that the vulnerability could also be leveraged to obtain admin privileges and run malicious code on Windows 10 machines, even ones equipped with the latest security updates.
Despite the risk the vulnerability poses, it is noteworthy that it can only be exploited if specific conditions are met. One of them is having the System Protection feature enabled on the C: drive, and another is having at least one local administrator account set up on the machine.
This is a list of the affected Windows 10 versions:
- Windows 10 v21H1 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v20H2 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v2004 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v1909 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v1903 (32 & 64 bit) updated with November 2021 Updates
- Windows 10 v1809 (32 & 64 bit) updated with May 2021 Updates
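The two preconditions described above can be checked on a host from the defender's side. The following PowerShell script is an added example, not code from the article or from the researcher; it assumes an elevated Windows PowerShell 5.1 session and that System Protection status is reflected by the `RPSessionInterval` value under the `SystemRestore` registry key (a labelled assumption), with the `DisableSR` policy value taking precedence.

```powershell
# Added example: report whether this Windows 10 host meets both preconditions the
# article names for CVE-2021-24084 (System Protection on C:, a local admin account).

function Test-SystemProtectionOnC {
    # Assumption: RPSessionInterval = 1 means System Protection is enabled for the
    # system drive; a DisableSR = 1 policy turns it off regardless.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $policy = Get-ItemProperty -Path $policyKey -Name 'DisableSR' -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableSR -eq 1) { return $false }

    $srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $sr = Get-ItemProperty -Path $srKey -Name 'RPSessionInterval' -ErrorAction SilentlyContinue
    return ($null -ne $sr -and $sr.RPSessionInterval -eq 1)
}

function Get-LocalAdminAccounts {
    # Enabled, machine-local user accounts that are members of Administrators.
    # Domain principals are excluded: the article's condition is a local account.
    $enabledLocal = (Get-LocalUser | Where-Object { $_.Enabled }).Name
    Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop |
        Where-Object {
            $_.ObjectClass -eq 'User' -and
            $_.PrincipalSource -eq 'Local' -and
            $enabledLocal -contains ($_.Name -split '\\')[-1]
        }
}

function Get-Cve202124084Exposure {
    $os         = Get-CimInstance -ClassName Win32_OperatingSystem
    $protection = Test-SystemProtectionOnC
    $admins     = @(Get-LocalAdminAccounts)

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OSCaption            = $os.Caption
        OSVersion            = $os.Version
        SystemProtectionOnC  = $protection
        LocalAdminAccounts   = ($admins.Name -join ', ')
        # Both conditions true means the host matches the exploitable configuration;
        # patch status itself still has to be confirmed against Microsoft's advisory.
        BothPreconditionsMet = ($protection -and $admins.Count -gt 0)
    }
}

Get-Cve202124084Exposure | Format-List
```

Hosts reporting `BothPreconditionsMet : True` are the ones to prioritise for patch verification; disabling System Protection on C: is not recommended as a mitigation since it removes restore capability.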
A Similar Case with CVE-2021-41379
Something similar happened with another vulnerability, CVE-2021-41379. The bug is an elevation-of-privilege vulnerability in Windows Installer, which Microsoft fixed as part of the November 2021 Patch Tuesday. However, a “more powerful” variant was discovered by the same security researcher, Abdelhamid Naceri.
Naceri analyzed the official patch and found a bypass, alongside an even more dangerous zero-day privilege escalation issue. A proof-of-concept exploit, dubbed InstallerFileTakeOver, is also available on GitHub. The issue can be leveraged against all currently supported Windows OS versions, making it possible for threat actors to take over Windows 10, Windows 11 and Windows Server. The only necessary condition is being logged onto a Windows machine that has the Edge browser installed.