After Microsoft fails to cure a zero-day exploit, all Windows PCs are at danger

0
111
After Microsoft fails to cure a zero-day exploit, all Windows PCs are at danger

Talos Security Intelligence & Research Group has released a new report outlining the discovery of a zero-day attack that affects all versions of Windows, including recently updated Windows 11 computers. According to the researchers, this attack is an “elevation of privilege vulnerability” that affects Windows Installer, who also points out that malware targeting this vulnerability is already in circulation.

According to Cisco Talos, the zero-day vulnerability affects “any version” of Windows, including Windows Server 2022 and Windows 11 computers with all security patches installed. The team claims that the remedy issued with Microsoft’s November 9 monthly security update failed to address the previously discovered CVE-2021-41379 elevation of privilege vulnerability adequately.

Also See:  New World Player Killing Fishing Bots Every Day Until Amazon Bans Them

Security researcher Abdelhamid Naceri first found the flaw. Earlier this week (through GitHub) produced a new proof of concept demonstrating that Windows Installer may still be abused despite the security fix. According to Talos, bad actors can use the vulnerability to replace any existing executable file with their own MSI, allowing them to run their malware with elevated rights on the victim’s PC.

As a result, this new vulnerability could be more dangerous than the one Microsoft tried to patch earlier this month. The first flaw allowed someone with a limited Windows account to gain administrator capabilities and remove files from a computer; however, the invader could not edit or see any of the system’s existing files.

The disclosed proof-of-concept code, according to Talos, “will almost probably encourage additional abuse of this vulnerability.” The researchers didn’t go into detail about the malware they discovered in the wild that targets this vulnerability, just saying that they “are attempting to exploit this issue.”

Unfortunately, Microsoft has yet to release a security fix to address the zero-day vulnerability. If this vulnerability hasn’t been actively exploited yet, the security firm believes it’ll only be a matter of time until hostile actors take advantage of it. This, of course, raises issues about why Naceri chose to disclose the attack code rather than warn Microsoft and wait for a repair.

Also See:  Microsoft Windows 11 anticipated as a new Sun Valley update

The folks over at Bleeping Computer had the same question and received a response from Naceri. According to the security researcher, Microsoft’s reduced bug bounty payouts were the reason for his decision to reveal the discovery. Even though Microsoft is aware of the problem, the new bug fix has yet to be released. If the previous discovery is any indicator, the update will likely be released on Patch Tuesday, which falls on the second Tuesday of each month.

Source: github | bleepingcomputer | msrc.microsoft | talosintelligence