A vulnerability was found in all current Windows that makes it easy to gain administrator rights

A new vulnerability was found in Windows 10, Windows 11 and Windows Server that allows elevation of local privileges and gaining administrator rights. An exploit for it has already been published on the Web, with the help of which attackers who have already hacked the system, but have limited access, can gain full control over the device. The vulnerability affects all currently supported versions of Windows.

Image source: BleepingComputer

Image source: BleepingComputer

As part of Patch Tuesday November 2021, Microsoft patched a Windows Installer privilege escalation vulnerability known as CVE-2021-41379… This vulnerability was discovered by security researcher Abdelhamid Naceri, who found a workaround for the provided fix and a new, more powerful zero-day privilege escalation vulnerability after examining a Microsoft-released patch. Yesterday Naseri posted in Github a working experimental exploit for the new vulnerability, explaining that it works on all supported versions of Windows.

In addition, Naseri explained that while Group Policy can be configured to prevent users with basic privileges from using Windows Installer (MSI), the new vulnerability bypasses this policy and will work anyway. BleepingComputer tested the InstallerFileTakeOver exploit and found that it only took a few seconds for it to gain SYSTEM-level privileges from a test account with Standard privileges. The test was run on Windows 10 21H1 with build number 19043.1348.

Naseri said that he publicly disclosed the zero-day vulnerability due to disappointment at the decrease in Microsoft’s software bugs bounty program. The Redmond Corporation did not comment on the situation in any way. Probably, the vulnerability will be fixed with the release of the update on the next patch Tuesday.

About the author

Alan Foster

Alan Foster covers computers and games and all the news in the gaming industry.

Add Comment

Click here to post a comment