Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service

Mobile Device Management Service

Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service Access to Work or School. The problem is present on devices running Windows 10, version 1809 (and later).

The bug is related to a bypass of the information disclosure patch (CVE-2021-24084) released by Microsoft engineers in February this year. This month, cybersecurity researcher Abdelhamid Naseri, who initially discovered the problem, noticed that the vulnerability was not fully fixed and can be used to gain administrator rights.

As we learn from HiveNightmare and SeriousSAM, arbitrary file expansion can be improved to a local vulnerability if you know what files to take and what to do with them. 0patch co-founder Mitya Kolsek explains.

0patch confirms that by using the method described in the blog of researcher Raj Chandel, combined with a bug discovered by Abdelhamid Naseri, it is possible to be able to run code as a local administrator.”

While Microsoft has likely already taken notice of the researchers’ reports, the company has yet to fix the bug, meaning especially systems running Windows 10 (with the latest security updates from November 2021) are still vulnerable to attacks.

Fortunately, two specific conditions must be met for implementation of vulnerability. Firstly, system protection must be enabled on drive C and at least one restore point must be created. Second, at least one local administrator account must be activated on the computer, or the credentials of at least one member of the Administrators group must be cached.

While Microsoft prepares patches, 0patch has already released unofficial free updates for all vulnerable versions of Windows 10 (Windows 10 21H2 also supports 0patch). Let me remind you that 0patch is a platform designed for such situations, there are zero-day fixes and other unpatched vulnerabilities to support products that are no longer supported by manufacturers, custom software, and so on.

The fixes are already available and apply to the following Windows versions:

  • Windows 10 v21H1 (32-bit and 64-bit) with updates for November 2021;
  • Windows 10 v20H2 (32-bit and 64-bit) with updates for November 2021;
  • Windows 10 v2004 (32-bit and 64-bit) with updates for November 2021;
  • Windows 10 v1909 (32-bit and 64-bit) with updates for November 2021;
  • Windows 10 v1903 (32-bit and 64-bit) with updates for November 2021;
  • Windows 10 v1809 (32-bit and 64-bit) with May 2021 updates.

Experts point out that the bug does not apply to Windows Server (since there are simply no problematic functions), there is simply no access to work or study there), and the bug does not apply to Windows 10 version 1803 and earlier versions. The point is that Access to work or study works there in a different way.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *