An unofficial patch for Windows 10 fixes a problem.

  • CVE-2021-34484 may have slipped your mind, but Microsoft claims it has been resolved.
  • Since it was recently straightened out, nothing could be further from the truth.
  • The only way to fix this known Windows 10 flaw was to use an unofficial patch.
  • Check out which versions of Windows 10 received the CVE-2021-34484 fix.


As many of you are aware, numerous problems that Microsoft declared fixed are still being aggressively abused and have yet to be fully resolved.

That said, the issue we're currently discussing is a local privilege escalation (LPE) problem in the Windows User Profile service.

This vulnerability was first identified by Microsoft with the ID CVE-2021-34484 and a CVSS v3 score of 7.8, and it was allegedly patched through the August 2021 Patch Tuesday update.

CVE-2021-34484 was finally patched.

Abdelhamid Naceri, the security researcher who initially discovered the flaw in 2021, was able to bypass Microsoft's security patch.

Microsoft released its next patch on the January 20, 2022 Patch Tuesday; however, Naceri was able to bypass it on all versions of Windows except Server 2016.

This bypass did not defeat the micropatch from 0patch, which frequently issues unofficial micropatches for various security flaws.

A specific profext.dll DLL file released by 0patch was able to resolve the problem. Microsoft, on the other hand, appears to have changed this DLL file and invalidated the fix, leaving users' systems exposed once more.


On supported Windows versions, CVE-2021-34484 is once again a zero-day vulnerability. The vulnerability was not reopened on affected Windows systems that run 0patch and whose official support had already expired (Windows 10 v1803, v1809, and v2004).

On the following Windows versions, the security experts at 0patch ported their micropatch to the latest profext.dll:

  1. Windows 10 v21H1 (32 & 64 bit) updated with March 2022 Updates
  2. Windows 10 v20H2 (32 & 64 bit) updated with March 2022 Updates
  3. Windows 10 v1909 (32 & 64 bit) updated with March 2022 Updates
  4. Windows Server 2019 64 bit updated with March 2022 Updates

The above-mentioned patch can be found on their blog, but keep in mind that this is an unofficial workaround.
