Security News > 2021 > December > Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation on vulnerable systems.
Tracked as CVE-2021-24084, the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.
Neither Windows Servers nor systems running Windows 11 are affected by the vulnerability, but the following Windows 10 versions are impacted -.
CVE-2021-24084 is also the third zero-day Windows vulnerability to rear its head again as a consequence of an incomplete patch issued by Microsoft.
Earlier this month, 0patch shipped unofficial fixes for a local privilege escalation vulnerability in the Windows User Profile Service that enables attackers to gain SYSTEM privileges.
Naceri disclosed details of another zero-day flaw in the Microsoft Windows Installer service that could be bypassed to achieve elevated privileges on devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.
News URL
https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (source)
- Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24084 | Link Following vulnerability in Microsoft products Windows Mobile Device Management Information Disclosure Vulnerability | 0.0 |