
Microsoft patch fails to fix Installer zero-day affecting every version of Windows

November 25, 2021

Cyber criminals are testing out proof-of-concept malware that targets a zero-day elevation of privilege vulnerability in the Microsoft Windows Installer.

The flaw, which allows attackers with a limited user account to elevate their privileges to become an administrator, affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022.

Malware samples attempting to take advantage of this vulnerability have already been detected in the wild, according to a blog post by security researchers at Cisco Talos.


Security researcher Abdelhamid Naceri first discovered this elevation of privilege vulnerability and worked with Microsoft to address it. Microsoft then released an update that was meant to fix CVE-2021-41379 on 9 November as part of its monthly security update.

However, the patch failed to fix the vulnerability, and Naceri published proof-of-concept exploit code on GitHub on 22 November that still works despite the fixes implemented by Microsoft.

“The code Naceri released leverages the discretionary access control list (DACL) for Microsoft Edge Elevation Service to replace any executable file on the system with an MSI file, allowing an attacker to run code as an administrator,” said Jaeson Schultz, technical leader for Cisco’s Talos Security Intelligence & Research Group.

According to a post by Naceri on GitHub, the technique may not work on every installation, because some Windows installations, such as Server 2016 and 2019, may not have the elevation service.

“I deliberately left the code which take over file open, so any file specified in the first argument will be taken over with the condition that SYSTEM account must have access to it and the file mustn’t be in use. So you can elevate your privileges yourself,” he explained.

Naceri added that the best workaround available at the time of writing is to wait for Microsoft to release a security patch, due to the complexity of this vulnerability.

“Any attempt to patch the binary directly will break Windows Installer. So you better wait and see how Microsoft will screw the patch again,” he said.


Some parts of this article are sourced from:
www.itpro.co.uk
