Windows zero-day vulnerability gets unofficial micropatch

2021-12-12 07:25 by Philip
A recently discovered zero-day vulnerability in Windows lets users obtain admin privileges. The original 'InstallerFileTakeOver' zero-day bug was published in November and is tracked as CVE-2021-41379. It affects all current Windows versions, including Windows 10, Windows 11 and Windows Server 2022 with the November patch applied. Microsoft issued a response and a security patch for the CVE-2021-41379 bug.
A threat advisory from Cisco Talos last month warned that adversaries are using malware samples that try to leverage the new vulnerability.
However, Abdelhamid Naceri, the security researcher who found the original bug, said he has found a second Windows Installer vulnerability as well, which has not been patched. Bleeping Computer asked Naceri why he did not report the vulnerability to Microsoft before publication. Naceri responded that it was a reaction to Microsoft cutting its bug bounty payouts for reported vulnerabilities.
The second Installer vulnerability also affects all Windows versions, and can be exploited by attackers holding limited local accounts to escalate privileges and run code with admin rights. There is currently no official Microsoft security patch for it, so every version of Windows is exposed to the zero-day. The only options for Windows users and enterprise systems administrators are to wait for a new official Microsoft security patch, or to rely on a temporary unofficial third-party micropatch.
See more on BleepingComputer