Facepalm: Since last summer, a potentially dangerous vulnerability affecting all currently supported versions of Windows has eluded Microsoft's security team. So far, Redmond developers have failed to fix it twice. This week an outside group released its own patch for the second time.
Third-party platform 0patch has released its second fix for a local privilege escalation vulnerability after Microsoft's latest attempt at mitigation broke the group's first patch. The latest version works for the March 2022 editions of Windows 10 v21H1, v20H2, v1909, and Windows Server 2019. Downloading it requires a free account at 0patch's website.
A Bug That Doesn't Want To Die (CVE-2021-34484) – Twice Bypassed and Twice Micropatched, Will Third Time be a Charm? https://t.co/BqzFrC9P3E pic.twitter.com/VooVZILHSk
— 0patch (@0patch) March 21, 2022
The whole debacle started last August when security researcher Abdelhamid Naceri discovered a vulnerability (CVE-2021-34484) that gives attackers administrator-level privileges. It affects Windows 11, Windows 10, and Windows Server. Microsoft tried to fix the vulnerability as part of August 2021 Patch Tuesday, but Naceri soon developed a proof of concept that circumvented Microsoft's fix.
In November, 0patch stepped in with its first unofficial fix, which proved effective. However, Microsoft released a second official patch as part of January 2022 Patch Tuesday. Not only did Naceri find a way around this one, but applying it also undid 0patch's working solution.
Developers at 0patch have now ported a new fix to versions of Windows with Microsoft's latest updates. The group says its first patch still protects Windows versions that no longer receive official support, like Windows 10 v1803, v1809, and v2004.