QID 91842

Date Published: 2021-12-01

QID 91842: Microsoft Windows 10 Elevation of Privilege Vulnerability (Zero-day)

An unpatched (zero-day) Windows security vulnerability could allow information disclosure and Local Privilege Escalation (LPE) on vulnerable systems. The incompletely patched vulnerability for CVE-2021-24084 could also be exploited to gain administrator privileges and run malicious code on Windows 10 machines running the latest security updates.

Affected Software:
Windows 10 Version 20H2
Windows 10 Version 21H1
Windows 10 Version 2004
Windows 10 Version 1909
Windows 10 Version 1903
Windows 10 Version 1809

Note: Windows Servers, Windows 11, and Windows 10 (Version 1803 and earlier) are not affected.

The vulnerable functionality exists under the "Access work or school" settings. A normal user can use the "Export your management log files" function, which triggers the Device Management Enrollment Service.

  • CVSS V3 rated as Medium - 5.5 severity.
  • CVSS V2 rated as Medium - 4.9 severity.

Solution:
There are no vendor supplied patches available at this time.