A partially unpatched security bug in Windows that could allow local privilege escalation from a regular user to System remains unaddressed fully by Microsoft – but an unofficial micropatch from oPatch has hit the scene.
The bug (CVE-2021-34484) was originally disclosed and patched as part of Microsoft’s August Patch Tuesday updates. At the time, it was categorized as an arbitrary directory-deletion issue that was considered low-priority because an attacker would need to locally log into the targeted computer to exploit it, which, in theory, would allow the adversary to delete file folders anyway.
However, the security researcher who discovered it, Abdelhamid Naceri, soon uncovered that it could also be used for privilege escalation, which is a whole other ball of wax. System-level users have access to resources, databases and servers on other parts of the network.
Abdelhamid also took a look at Microsoft’s original patch, subsequently finding a bypass for it via a simple tweak to the exploit code he had developed, essentially reverting it to zero-day status.