Security researcher Abdelhamid Naceri has published technical details and a demo exploit for an unpatched Windows vulnerability that allows elevation of privileges to the SYSTEM level under certain conditions.
The problem affects all versions of the operating system, including Windows 10, Windows 11 and Windows Server 2022. It should be noted that an attacker must know the username and password to exploit the vulnerability.
The issue is CVE-2021-34484 in the Windows User Profile Service, for which Microsoft released a patch in August. On closer examination, the fix proved to be ineffective, and Naceri was able to bypass it with a new exploit.
"Microsoft did not fix what was reported in the report, but the impact of the PoC code. Since the PoC I wrote earlier was terrible, it could only reproduce the directory deletion vulnerability," the expert explained.
Since Microsoft only addressed the "symptom" and not the root cause of the problem, Naceri was able to rework the exploit. It now launches a command prompt with SYSTEM privileges while the User Account Control (UAC) window is displayed.
According to CERT/CC analyst Will Dormann, who tested the exploit, the PoC code works, but does not always run an elevated command prompt.
The vulnerability is unlikely to be widely used in attacks, given the number of conditions that must be met to exploit it, but the risk still exists, experts say. It is currently unclear if Microsoft plans to fix the issue.