Security News > 2021 > December > Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation on vulnerable systems.
Tracked as CVE-2021-24084, the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.
Neither Windows Servers nor systems running Windows 11 are affected by the vulnerability, but the following Windows 10 versions are impacted -.
CVE-2021-24084 is also the third zero-day Windows vulnerability to rear its head again as a consequence of an incomplete patch issued by Microsoft.
Earlier this month, 0patch shipped unofficial fixes for a local privilege escalation vulnerability in the Windows User Profile Service that enables attackers to gain SYSTEM privileges.
Naceri disclosed details of another zero-day flaw in the Microsoft Windows Installer service that could be bypassed to achieve elevated privileges on devices running the latest Windows versions, including Windows 10, Windows 11, and Windows Server 2022.
News URL
https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html
Related news
- Microsoft testing Windows 11 support for third-party passkeys (source)
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft says having a TPM is "non-negotiable" for Windows 11 (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24084 | Link Following vulnerability in Microsoft products Windows Mobile Device Management Information Disclosure Vulnerability | 0.0 |