Windows zero-day flaw giving admin rights gets unofficial patch, again
A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. The locally exploited vulnerability in Windows User Profile Service is tracked as CVE-2021-34484 and was given a CVSS v3 score of 7.8. While exploits have been publicly disclosed in the past, they are not believed to be actively exploited in the wild. The peculiarity of this case lies in the fact that Microsoft has been unable to address the flaw since its discovery last summer and that it has marked the bug as fixed twice. Top Articles READ MORE US charges 4 Russian govt employees with critical infrastructure hacks According to the 0patch team, which has been unofficially providing fixes for discontinued Windows versions and some vulnerabilities that Microsoft won't address, the flaw is still a zero-day. In fact, Microsoft's patches failed to fix the bug