Unpatched Windows Zero-Day Allows Privileged File Access

18
Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks

An unpatched Windows security vulnerability that may not be compromised, but may result in disclosure of information and privacy rights (LPE), researchers have warned. Issue (CVE-2021-24084) has not yet received a formal fix, which makes it bug – but micro patch has been removed as a way to close the gap.

Security researchers first reported the risk as a matter of disclosure in October 2020, via Trend Micro’s Zero-Day Initiative (ZDI). Although Microsoft informed him that it was planning to make repairs last April, the amendment had not yet arrived.

Windows servers are unaffected, and so are Windows 11, Windows 10 v1803 and above Windows 10 versions.

Read More: threatpost