Security News > 2021 > December > Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation on vulnerable systems.
Tracked as CVE-2021-24084, the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.
Neither Windows Servers nor systems running Windows 11 are affected by the vulnerability, but the following Windows 10 versions are impacted -.
CVE-2021-24084 is also the third zero-day Windows vulnerability to rear its head again as a consequence of an incomplete patch issued by Microsoft.
Earlier this month, 0patch shipped unofficial fixes for a local privilege escalation vulnerability in the Windows User Profile Service that enables attackers to gain SYSTEM privileges.
Naceri disclosed details of another zero-day flaw in the Microsoft Windows Installer service that could be bypassed to achieve elevated privileges on devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.
News URL
https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html
Related news
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24084 | Link Following vulnerability in Microsoft products Windows Mobile Device Management Information Disclosure Vulnerability | 0.0 |