You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
A locally exploited Microsoft vulnerability (CVE-2021-34484) has been unofficially fixed by net heroes 0patch. Again. Found several months ago in the Windows User Profile Service, 0patch has done what Microsoft was seemingly unable to do, nullifying the privilege escalation zero-day vulnerability that had been leaving Windows 10, Windows 11, and Windows Server users open to hackers.
When Microsoft failed to fix the bug before, its patch actually ended up breaking 0patch's previous unofficial patch. There's a lot of to-ing and fro-ing between coders of different creeds, then, which really isn't helping. Here's how it played out:
Discovered and reported by Abdelhamid Naceri, the vulnerability scored a whopping 7.8 on the CVSS v3 danger scale, although we can't find any reports of the vulnerability having been exploited.
Back in August 2021, just after the vulnerability first came in to view, Naceri noticed the door was left ajar. Microsoft's official patch only partially fixed the issue, so Naceri sent a PoC (proof of concept) to prove it was still possible to bypass the patch on any version of Windows.
Best gaming PC: The top pre-built machines from the pros
Best gaming laptop: Perfect notebooks for mobile gaming
That's when 0patch appeared with its first unofficial profext.dll patch, which held the fort for a while, until Microsoft tried again in January 2022, marking the bug as fixed. Naceri quickly found a way to get around it, though, and it turned out Microsoft's fix replaced the file 0patch had added the working patch to.
0patch has now ported the fix for the latest Microsoft patch Tuesday update, so as long as you have a free 0patch Central account, you should be able to get the micro-patch, and undo the foibles of our most beloved Microsoft.
For it's part, Microsoft has responded to Bleeping Computer with an acknowledgement that "we're aware of this report and will take action as needed to protect customers."
