A Microsoft zero-day vulnerability tracked as CVE-2021-24084 has not been fixed by the technology giant despite having been reported months ago. The vulnerability was initially reported to Microsoft through the company’s Zero Day Initiative in October 2020, researcher Abdelhamid Naceri says. Microsoft acknowledged the vulnerability and said a fix would be issued in April 2021, but that the vulnerability persisted with no updates on any Patch Tuesdays so far. To protect users from this vulnerability, a micropatching service, 0patch has issued unofficial, free patches.”]
Source: https://www.cuinfosecurity.com/report-no-patch-for-microsoft-privilege-escalation-zero-day-a-18017