1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This nasty Windows 10 zero-day vulnerability finally has an unoff

    From TechnologyDaily@1337:1/100 to All on Tue Mar 22 13:30:04 2022
    This nasty Windows 10 zero-day vulnerability finally has an unofficial fix

    Date:
    Tue, 22 Mar 2022 13:15:39 +0000

    Description:
    After Microsoft breaks the old patch, 0patch has built a new one

    FULL STORY ======================================================================

    A nasty zero-day Windows vulnerability that Microsofts has so far been unsuccessful at patching has finally got an unofficial fix.

    The CVE-2021-34484 (and later CVE-2022-21919), a 7.8 severity vulnerability allows elevation of privilege in Windows 10, Windows 11, and Windows Server, but has now been fixed by the 0patch team, and is available for download on this link for all registered users.

    The flaw was first discovered by security researcher Abdelhamid Naceri, who disclosed it to Microsoft in the summer of 2021, with the company issuing a fix as part of its August 2021 Patch Tuesday. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << If it's not broken,
    don't try to fix it

    However, Naceri soon discovered that the patch itself was flawed, and published a proof-of-concept that showcase how an attacker could still abuse the vulnerability. Where Microsoft failed, 0patch succeeded. However, when Microsoft realized the patch failed, it gave the vulnerability a new tracking ID (CVE-2022-21919) and pushed another fix.

    This one, according to Naceri, was worse than the first as it removed the initial unofficial fix, putting everyone who had applied it, back in harms way. Read more

    Windows 11 22H2 Update 'Sun Valley 2': everything we know so far


    This Windows Server update is causing a bunch of problems


    How to fix a stuck Windows update

    Now, 0patch has ported the fix, which now works with the March 2022 Patch Tuesday update. Same as with the previous one, this one is free for
    registered users, as well. Heres the list of OS versions that can apply it:

    Windows 10 v21H1 (32 & 64 bit) updated with March 2022 Updates

    Windows 10 v20H2 (32 & 64 bit) updated with March 2022 Updates

    Windows 10 v1909 (32 & 64 bit) updated with March 2022 Updates

    Windows Server 2019 64 bit updated with March 2022 Updates

    0patchs original patch still works on Windows 10 1803, Windows 10 1809, and Windows 10 2004.

    There are no evidence of the flaws being abused in the wild with malware , or viruses , the publication confirmed. The devices that reached end of life did not receive the update. Stay safe with our list of the best ransomware protection services right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-nasty-windows-10-zero-day-vulnerability-fi nally-has-an-unofficial-fix/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)