{"vulnerability": "cve-2021-24084", "sightings": [{"uuid": "08dc93bf-41f8-44a9-bd3a-c12ab9e49e7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://t.me/cKure/8269", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Unpatched Windows Zero-Day Allows Privileged File Access\n\nA temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.\n\nhttps://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/", "creation_timestamp": "2021-11-29T18:15:41.000000Z"}, {"uuid": "5556b899-9486-4c7c-8b97-16bdafb33a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:52.000000Z"}, {"uuid": "f693419b-7b6e-4342-b21f-77cca0d85f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/10352", "content": "https://github.com/exploitblizzard/WindowsMDM-LPE-0Day  CVE-2021-24084 Windows Local Privilege Escalation Left officially unpatched since 2020. Hence, its still a zero day", "creation_timestamp": "2022-03-08T12:04:56.000000Z"}, {"uuid": "d46b0dcc-0906-4f18-b799-1b53335407de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://t.me/ctinow/43023", "content": "0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day\n\nhttps://ift.tt/3E3c4rY", "creation_timestamp": "2021-11-28T12:01:28.000000Z"}, {"uuid": "5da2c6e1-d351-4e33-9cb6-be4b895a091f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2385", "content": "\u041e\u0447\u0435\u0440\u0435\u0434\u043d\u0430\u044f \u0438\u0433\u0440\u0430 \u0432 \u0434\u043e\u0433\u043e\u043d\u044f\u043b\u043a\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u043e\u0438\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Windows 10.\n \n\u041d\u0430\u0434\u0435\u043b\u0430\u0432\u0448\u0438\u0439 \u043c\u043d\u043e\u0433\u043e \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0439 \u0431\u043e\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0410\u0431\u0434\u0435\u043b\u044c\u0445\u0430\u043c\u0438\u0434 \u041d\u0430\u0441\u0435\u0440\u0438 \u0432\u043d\u043e\u0432\u044c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u043b \u043f\u0440\u0438\u0437\u0430\u0434\u0443\u043c\u0430\u0442\u044c\u0441\u044f \u043c\u0438\u043a\u0440\u043e\u043c\u044f\u0433\u043a\u0438\u0445, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432, \u0447\u0442\u043e 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (LPE) CVE-2021-24084 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u043d\u0430 Windows 10 \u0432\u0435\u0440\u0441\u0438\u0438 1809 (\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439) \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u044d\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0432\u044b\u0448\u0435\u0434\u0448\u0438\u0439 \u043f\u043e\u0434 \u043d\u0435\u0435 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u043f\u0430\u0442\u0447 \u043e\u0442 Microsoft.\n \n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438 \u0441\u043e\u0443\u0447\u0440\u0435\u0434\u0438\u0442\u0435\u043b\u044c 0patch \u041c\u0438\u0442\u044f \u041a\u043e\u043b\u0441\u0435\u043a \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u0434\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0435\u0441\u043b\u0438 \u0447\u0435\u0442\u043a\u043e \u0437\u043d\u0430\u0442\u044c, \u043a\u0430\u043a\u0438\u0435 \u0444\u0430\u0439\u043b\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0438 \u0447\u0442\u043e \u0441 \u043d\u0438\u043c\u0438 \u0434\u0435\u043b\u0430\u0442\u044c.\n \n\u0418 \u0435\u0433\u043e \u0441\u043b\u043e\u0432\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u0432 \u0445\u043e\u0434\u0435 \u0430\u043f\u0440\u043e\u0431\u0430\u0446\u0438\u0438 \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u041d\u0430\u0441\u0435\u0440\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b, \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0420\u0430\u0434\u0436\u0430 \u0427\u0430\u043d\u0434\u0435\u043b\u044f, \u0438\u043c\u0435\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u0434 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n \n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, Microsoft \u043d\u0435 \u0432\u0437\u0438\u0440\u0430\u044f \u043d\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435, \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043c\u0443\u0447\u0430\u0435\u0442\u0441\u044f \u043d\u0430\u0434 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n \n\u0418, \u043f\u043e \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u0438 \u043d\u0430 \u043f\u043e\u043c\u043e\u0449\u044c \u0440\u044f\u0434\u043e\u0432\u044b\u043c \u044e\u0437\u0435\u0440\u0430\u043c \u043f\u0440\u0438\u0445\u043e\u0434\u044f\u0442 \u0447\u0430\u0441\u0442\u043d\u044b\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 0patch, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0441\u0438\u0441\u0442\u0435\u043c Windows 10.", "creation_timestamp": "2021-11-29T16:57:01.000000Z"}, {"uuid": "b6600f23-1791-470e-9342-6b651b7ca49c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://t.me/cibsecurity/33047", "content": "\u274c Unpatched Windows Zero-Day Allows Privileged File Access \u274c\n\nA temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2021-11-29T18:56:12.000000Z"}, {"uuid": "d6c492d9-9836-44a9-ad41-e277adc4fc4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://t.me/thehackernews/1691", "content": "Researcher disclose details of an unpatched vulnerability (CVE-2021-24084) in the Windows OS\u2014known to Microsoft since October 2020\u2014that could allow an attacker to gain unauthorized access to the file system and read arbitrary files.\n\nDetails: https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html", "creation_timestamp": "2021-11-30T10:12:58.000000Z"}, {"uuid": "6cc85d01-1c3f-4f37-a423-f3643c66f515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://t.me/cibsecurity/24169", "content": "\u203c CVE-2021-24084 \u203c\n\nWindows Mobile Device Management Information Disclosure Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-26T02:38:30.000000Z"}, {"uuid": "a0b77975-7447-4326-8912-5fe460430855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4876", "content": "#exploit\n1. CVE-2021-21234:\nSpring Boot Actuator Logview Directory Traversal\nhttps://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal\n2. Micropatching Unpatched LPE in Mobile Device Management Service (CVE-2021-24084/0day)\nhttps://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html", "creation_timestamp": "2021-12-01T12:29:13.000000Z"}, {"uuid": "1990c244-d682-45c5-a469-42f43f3ef302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1253", "content": "#ecploit \nMicropatching Unpatched LPE in Mobile Device Management Service (CVE-2021-24084/0day)\nhttps://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html\n\n@BlueRedTeam", "creation_timestamp": "2021-12-01T09:38:52.000000Z"}, {"uuid": "7f7231bd-d06a-4dbe-9884-fe14142edcbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "published-proof-of-concept", "source": "Telegram/ZgrYaKfoWxLUgzZDTo8G_aEF-rvAT9lk-J3ogZvhycztJVHH", "content": "", "creation_timestamp": "2021-11-26T20:17:37.000000Z"}, {"uuid": "ed682ced-d9b3-4795-9df2-f6a89a9d27e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4850", "content": "#exploit\n1. CVE-2021-40865:\nhttps://github.com/hktalent/CVE-2021-40865\n\n2. CVE-2021-24084:\nWindows MDM LPE\nhttps://github.com/ohnonoyesyes/CVE-2021-24084\n]-> Micropatching Unpatched LPE in Mobile Device Management Service\nhttps://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html", "creation_timestamp": "2021-11-28T13:31:01.000000Z"}, {"uuid": "f33d590b-5326-4624-b0be-579335d04db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/4889", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Nov 1-30)\nCVE-2021-22205 - GitLab CE/EE RCE\nhttps://t.me/cybersecuritytechnologies/4602\nCVE-2021-30883 - iOS IOMFB Vuln\nhttps://t.me/cybersecuritytechnologies/4497\nCVE-2021-3064 - Memory Corruption in PAN-OS GlobalProtect Portal/Gateway Interfaces\nhttps://t.me/cybersecuritytechnologies/4724\nCVE-2021-41379 - Windows Installer LPE\nhttps://t.me/cybersecuritytechnologies/4813\nCVE-2021-42321 - MS Exchange Post-Auth RCE\nhttps://t.me/cybersecuritytechnologies/4809\nCVE-2021-40539 - Zoho ManageEngine Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/4718\nCVE-2021-41277 - MetaBase Arbitrary File Read\nhttps://t.me/cybersecuritytechnologies/4802\nCVE-2021-43267 - Remote Kernel Heap Overflow in TIPC\nhttps://t.me/cybersecuritytechnologies/4678\nCVE-2021-42574 - Unicode Bidirectional override vuln\nhttps://github.com/js-on/CVE-2021-42574\nhttps://github.com/pierDipi/unicode-control-characters-action\nCVE-2021-24084 - Windows MDM LPE\nhttps://t.me/cybersecuritytechnologies/4850", "creation_timestamp": "2021-12-03T11:00:35.000000Z"}, {"uuid": "e59702f4-a5ce-49b3-a1b3-a231c8da3f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://infosec.exchange/users/briankrebs/statuses/116661298779426573", "content": "RE: https://c.im/@cdarwin/116660769695837565\nOne reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.\nScroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs. \nOn July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025. \nFor the record, I think @GossiTheDog called it that this person was a former MS employee.\nhttps://x.com/ChaoticEclipse0/with_replies", "creation_timestamp": "2026-05-30T03:03:07.387540Z"}]}