Security News > 2021 > December > Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation on vulnerable systems.
Tracked as CVE-2021-24084, the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.
Neither Windows Servers nor systems running Windows 11 are affected by the vulnerability, but the following Windows 10 versions are impacted -.
CVE-2021-24084 is also the third zero-day Windows vulnerability to rear its head again as a consequence of an incomplete patch issued by Microsoft.
Earlier this month, 0patch shipped unofficial fixes for a local privilege escalation vulnerability in the Windows User Profile Service that enables attackers to gain SYSTEM privileges.
Naceri disclosed details of another zero-day flaw in the Microsoft Windows Installer service that could be bypassed to achieve elevated privileges on devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.
News URL
https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html
Related news
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24084 | Link Following vulnerability in Microsoft products Windows Mobile Device Management Information Disclosure Vulnerability | 0.0 |