PrintNightmare is a vulnerability that affects the Windows printing services, and it took Microsoft months and multiple fixes before it was fully fixed. Now another such stubborn “psoriasis” vulnerability has appeared: a local privilege escalation (LPE) vulnerability in the Windows User Profile service. It is tracked as CVE-2021-34484 and has a CVSS v3 score of 7.8.
Microsoft first patched the vulnerability as part of its August 2021 Patch Tuesday. Nonetheless, security researcher Abdelhamid Naceri, who first discovered the vulnerability in 2021, was able to bypass the security patch provided by Microsoft. Microsoft then released a second fix in the January 2022 Patch Tuesday, but Naceri was again able to bypass it on all Windows versions except Server 2016.
The 0patch team regularly releases unofficial micro patches for various security vulnerabilities, and it found that its own micro patches could not be bypassed by this new technique. The 0patch micro patch applied to the “profext.dll” DLL fixes this problem. However, Microsoft appears to have modified this DLL file in a way that disabled the patch, leaving users’ systems open to attack again.
In response, 0patch has now ported its fix to the new profext.dll, and the ported fix is available for download. The company said:
- While our own micro patches cannot be bypassed using Abdelhamid’s new trick, Microsoft modified the DLL (profext. Protect users who diligently apply Windows Updates.
- We ported our micro patches to the latest profext.dll for the following Windows versions:
  - Windows 10 v21H1 (32 & 64 bit) updated with March 2022 Updates
  - Windows 10 v20H2 (32 & 64 bit) updated with March 2022 Updates
  - Windows 10 v1909 (32 & 64 bit) updated with March 2022 Updates
  - Windows Server 2019 64 bit updated with March 2022 Updates