How to manage Windows Security Tamper Protection feature on Windows 10

Microsoft has yet to fully fix a zero-day vulnerability in Windows 10 that gives escalated privileges to successful attackers. However, 0Patch has developed an unofficial micropatch that aims to solve the problem.

Microsoft is aware of the bug, which is tracked as CVE-2021-34484. The company already issued a fix during August Patch Tuesday earlier this year. According to the company, the flaw is an arbitrary directory-deletion problem.

Microsoft deems it a low priority because a threat actor would need to have local access to exploit a system. Even with that access, the attacker would only be able to delete folders.

However, security researcher Abdelhamid Naceri later found that the flaw could also be a gateway to privilege escalation. This would give the threat actor access to system resources, servers, and other parts of a network. They would still need local access to start the chain, though.

Naceri also found that Microsoft’s fix didn’t really work because attackers can bypass it. In a blog post, 0Patch confirmed this is the case:

“The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason,” says 0Patch’s Mitja Kolsek.

“Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”

Fix

0Patch wrote its own micropatch to close the vulnerability that Microsoft’s fix left open. The company says the patch protects all affected Windows versions: Windows 10 (versions 20H2, 2004, and 1909) and Windows Server 2019.

Microsoft has not said when it will roll out an official patch. It is likely the company still sees this as a low-priority issue because of the local access requirement. That could mean the next fix will arrive on December Patch Tuesday next month.
