Unofficial fix for Windows 10 Zero-day bug

Russell Kidson

A particularly unpleasant zero-day bug plaguing Windows 10 devices finally has an unofficial fix. While Microsoft has released numerous official fixes for the bug, each has only worsened the situation. Luckily, however, 0patch has stepped in once again to prevail where Microsoft continues to fail. 

First identified in the summer of 2021 by security researcher Abdelhamid Naceri, the vulnerability (tracking code CVE-2021-34484) allowed threat actors to elevate their user privileges on target devices if they knew the username and password of at least two different users, putting billions of Windows users at risk for attack. The vulnerability affects users of Windows 10, 11, and even Windows Server.

In August of the same year, Microsoft released a fix for the 7.8 severity vulnerability as a feature of its Patch Tuesday release. The fix came under the critical examination of Naceri, who, finding the fix severely lacking, published a proof-of-concept evasion method on GitHub. According to Naceri, Microsoft failed to address the root cause of the vulnerability, instead choosing to focus only on what Naceri saw as a symptom. 

Subsequent to Naceri’s findings, 0patch released a fix for the vulnerability, but as soon as Microsoft realized that its patch had failed, the vulnerability received a new tracking number, CVE-2022-21919, and Microsoft immediately pushed an additional fix. This fix proved worse than the first, in Naceri’s opinion, and virtually undid the progress 0patch had made in patching the original vulnerability.

Luckily, 0patch has ported the fix, which has now been proven to work with Microsoft’s March 2022 Patch Tuesday release. As with the previous 0patch fix, the latest is free to download, provided you have a registered copy of the affected Windows operating systems. The following is a list of compatible versions, all of which have been furnished with the March 2022 updates:

  • Windows 10 v21H1 (32 & 64 bit)
  • Windows 10 v20H2 (32 & 64 bit) 
  • Windows 10 v1909 (32 & 64 bit) 
  • Windows Server 2019 64 bit 

It is pertinent to note that devices that have reached end-of-life were not furnished with the March 2022 update.

The original 0patch fix still works on three versions of Windows 10, namely, Windows 10 1803, 1809, and 2004. As of yet, there is no evidence of the vulnerability having been exploited in the wild, so to speak, and no viruses or malware have been confirmed to be associated with it.
