Unresolved Unauthorized File Read Vulnerability Impacts Microsoft Windows OS
On November 30, 2021, it was reported that unofficial patches had been released for a poorly patched Windows security flaw that poses risks of information disclosure and local privilege escalation (LPE) on affected systems. Tracked as CVE-2021-24084 (CVSS score: 5.5), the vulnerability is in the Windows Mobile Device Management component and could allow attackers to gain unauthorized access to the file system and read arbitrary files. Security researcher Abdelhamid Naceri discovered and reported the issue in October 2020, and Microsoft addressed it in its February 2021 Patch Tuesday updates. However, as Naceri noted in June 2021, the patch can be bypassed, and the inadequately fixed vulnerability has also been found to let attackers gain administrator privileges and execute malicious code on Windows 10 systems.