Windows 10 / Windows 11: a critical 0-day flaw left unpatched by Microsoft


Alexander Schmid

March 24, 2022 at 4:13 p.m.


Microsoft seems unable to fix a zero-day security flaw that the firm has known about for roughly seven months.

The vulnerability is an “elevation of privileges” flaw in the Windows User Profile Service that allows users to obtain administrator rights. It affects Windows 10, Windows 11 and Windows Server.

Two security patches… that don’t work

The security flaw was discovered in the summer of 2021 by researcher Abdelhamid Naceri, who informed Microsoft about it. The Redmond company deployed a first corrective patch in August 2021, but this failed to fully resolve the problem.

A new update was then made available in January 2022, but it was also a failure, with Abdelhamid Naceri calling it an even less successful attempt than the first. Worse, with this second patch, Microsoft broke an unofficial patch developed by the independent organization 0patch, which seemed to work correctly.

In March, 0patch had to publish a new patch compatible with the January update. For its part, Microsoft assures Bleeping Computer that “actions will be taken to guarantee the safety of users”. It remains to be seen when; this situation has already lasted seven months.

Source: Bleeping Computer


