Microsoft has publicly admitted that they have a zero-day vulnerability in their Windows 10 operating system. Microsoft responded quickly and said they would release an update to fix the issue, but it’s not yet clear when this will happen. Experts say there is still no need for users to panic at the moment.
The “opatch for windows” is a tool that allows users to patch their Windows 10 machine with a third-party micropatch. The micropatch will fix the Zero-Day vulnerability on the system.
Alexandru Poloboc is an author.
Editor of the News
Alex spent the most of his time working as a news reporter, anchor, and on TV and radio, with an overriding drive to always get to the bottom of things and find the truth… Continue reading
Microsoft has failed to completely patch a zero-day vulnerability in Windows 10 that allows successful attackers to gain elevated rights. However, 0Patch has created an unauthorized micropatch to address the issue.
The flaw is referred to as CVE-2021-34484 by the tech giant. Earlier this year, on August Patch Tuesday, Microsoft released a remedy. The weakness, according to the business, is an arbitrary directory-deletion issue.
This Windows vulnerability will be addressed by 0Patch.
Because a threat actor would require local access to exploit a system, Redmond authorities ranked this as a low priority. Even so, the attacker would only be able to remove directories with that level of access.
Security researcher Abdelhamid Naceri subsequently discovered that the weakness might potentially be a mechanism to escalate privileges.
This would provide the threat actor access to system resources, servers, and other network components, however they would still need local access to initiate the chain.
He also discovered that Microsoft’s update is ineffective since attackers may circumvent it, which 0Patch validated in one of their blog entries.
The flaw is in the User Profile Service’s code, especially the code that creates a temporary user profile folder in the event that the user’s original profile folder is destroyed or locked for whatever reason.
Abdelhamid observed that symbolic links may be used to attack the process of moving directories and data from the user’s original profile folder to the temporary one (performed as Local System).
Malicious third parties would do so by creating attacker-writable directories at a system location, from which a system process would load and execute the attacker’s DLL.
To hide Microsoft’s tracks and address the vulnerability, 0Patch created its own micropatch. The patch covers all impacted Windows versions, according to the firm, including 20H2, 2004,1909, and Windows Server 2019.
The Redmond tech behemoth has not said when an official fix would be released, owing to the fact that Microsoft still considers this a low-priority problem due to the lack of local access.
As a result, the December Patch Tuesday software release might be a viable ETA.
Was this page of assistance to you?
Thank you very much!
There are insufficient details It’s difficult to comprehend Other Speak with a Professional
Start a discussion.
Watch This Video-
The “is 0patch safe” is a Windows 10 Zero-Day vulnerability that will be fixed by third-party micropatch.
Related Tags
- micro patch
- 0patch review
- 0patch reddit
- patch windows 7
- acros security