New Windows 10 zero-day vulnerability gives admin rights to attackers

<p>A security flaw was discovered under Access work or school settings that manages to bypass the patch released by Microsoft back in February&period; This <a href&equals;"https&colon;&sol;&sol;msrc&period;microsoft&period;com&sol;update-guide&sol;vulnerability&sol;CVE-2021-24084" target&equals;"&lowbar;blank" rel&equals;"noopener">patch<&sol;a> was released to fix the Windows Mobile Device Management information disclosure vulnerability&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-4436" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2021&sol;11&sol;security-g7b4d88e4d&lowbar;640&period;jpg" alt&equals;"" width&equals;"640" height&equals;"427" &sol;><&sol;p>&NewLine;<p>Security researcher Abdelhamin Naceri has recently discovered that an incompletely patched flaw could be exploited to gain admin privileges after he <a href&equals;"https&colon;&sol;&sol;halove23&period;blogspot&period;com&sol;2021&sol;06&sol;CVE-2021-24084-Unpatched-ID&period;html" target&equals;"&lowbar;blank" rel&equals;"noopener">publicly disclosed<&sol;a> the spotted bug back in June&period;<&sol;p>&NewLine;<p>https&colon;&sol;&sol;twitter&period;com&sol;KLINIX5&sol;status&sol;1460338968780804098&quest;s&equals;20<&sol;p>&NewLine;<p>Mitja Kolsek who is an Opatch co-founder said that an arbitrary file disclosure can be upgraded to local privilege escalation if one knows which files to take and what to do with them&period; This was confirmed by using the procedure described in <a href&equals;"https&colon;&sol;&sol;www&period;hackingarticles&period;in&sol;windows-privilege-escalation-hivenightmare&sol;" target&equals;"&lowbar;blank" rel&equals;"noopener">Rj Chandel&&num;8217&semi;s blog<&sol;a> in conjunction with Abdelhamid&&num;8217&semi;s bug and being able to run code as local admin&period;<&sol;p>&NewLine;<p>Microsoft is yet to release the patch for this vulnerability&comma; leaving Windows 10 systems with the latest November 20201 security updates exposed to attack&period;<&sol;p>&NewLine;<p>Luckily&comma; this bug can only be exploited if both of the following conditions are met&colon;<&sol;p>&NewLine;<ul>&NewLine;<li>System protection has to be enabled on the C drive with at least one restore point created&period;<&sol;li>&NewLine;<li>At least one local admin account has to be enabled on the local computer or at least one user from the Administrators group has to have its credentials cached&period;<&sol;li>&NewLine;<&sol;ul>&NewLine;<p>And while this vulnerability can be exploited on Windows 10 v1809 and later systems&comma; it appears that Windows 10 v1803 and later&comma; along with all Windows Server versions are not affected&period;<&sol;p>&NewLine;