All Windows PCs at risk after Microsoft fails to fix zero-day exploit

Talos Security Intelligence & Research Group has published a new report detailing its discovery of a zero-day exploit affecting all Windows versions, including newly updated Windows 11 machines. The group describes this exploit as an "elevation of privilege vulnerability" that affects Windows Installer, also noting that some malware already in circulation targets this particular vulnerability.

According to Cisco Talos, the zero-day exploit covers "every version" of Windows, including Windows Server 2022 and Windows 11 machines that have all of the security patches installed. The group points to the previously discovered CVE-2021-41379 elevation of privilege vulnerability, claiming that the fix included with Microsoft's monthly security update on November 9 did not adequately address the exploit.

The vulnerability was first discovered by security researcher Abdelhamid Naceri, who published a new proof of concept earlier this week (via GitHub) showing that Windows Installer can still be exploited despite the security patch. Talos explains that malicious actors can use the vulnerability to swap out any existing executable file with their own MSI, running their own code on the victim's machine with elevated privileges.

That potentially makes this new vulnerability more severe than the one Microsoft attempted to patch earlier this month. The originally discovered issue was found to allow someone with a limited Windows account to gain administrator privileges so they could delete files on a PC; it did not, however, allow the intruder to modify or view any of the system's existing files.

Talos warns that the published proof-of-concept code "will certainly drive more abuse of this vulnerability." The group did not elaborate on the malware it found in the wild that targets this exploit, only noting that the samples "are attempting to take advantage of this vulnerability."

Unfortunately, Microsoft does not yet have a security patch available to address the zero-day exploit. Even assuming this vulnerability is not yet being actively exploited, the security firm indicates it will likely be only a short matter of time before it is used by malicious actors. This, naturally, raises questions over why Naceri decided to publish the exploit code rather than alerting Microsoft and waiting for it to release a fix.

The folks at Bleeping Computer had the same question and got a statement from Naceri about it. According to the security researcher, Microsoft's reduced bug bounty payouts were the catalyst for his decision to publish the discovery. Though Microsoft is aware of the issue, it does not yet have a release date for the new bug fix. If the previous discovery is any indication, we will likely see the update arrive with the company's next Patch Tuesday, which is the second Tuesday of every month.
