PT-2021-2081 · Microsoft · Windows

Halov · Published 2021-02-09 · Updated 2026-03-10 · CVE-2021-24084

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Windows 10 version 1809 and later versions
Description: A vulnerability in the Windows Mobile Device Management service stems from a lack of protection for service data. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information. The vulnerability can be exploited as a local privilege escalation (LPE). Research indicates that this vulnerability could allow an attacker to read arbitrary files and affect the system.
Recommendations: For Windows versions prior to the fixed version, apply the necessary patches or fixes as soon as they become available. For Windows 10 version 1809 and later versions, consider applying temporary fixes or workarounds, such as those provided by 0patch, until an official patch from Microsoft is released. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Link Following

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2021-00932
CVE-2021-24084
ZDI-21-178

Affected Products

Windows