The Broadband Guide
search advanced

Windows zero-day vulnerability gets unofficial micropatch

2021-12-12 07:25 by


A recently discovered zero-day vulnerability in Windows lets users get admin privileges. The original 'InstallerFileTakeOver' zero-day bug was published in November and tracked as CVE-2021-41379. It affects all current Windows versions including Windows 10, 11, Server 2022 with November patch. Microsoft issued a response and a security patch for the CVE-2021-41379 bug.

A threat advisory from Cisco Talos last month warned that adversaries are using malware samples that try to leverage the new vulnerability.

However, Abdelhamid Naceri, the security researcher who found the original bug said he found a second Windows Installer vulnerability as well, that has not been patched. Bleeping Computer asked Naceri why he did not report the vulnerability to Microsoft before publication. Naceri responded that it is a reaction to Microsoft cutting bug bounties for reported vulnerabilities.

The second Installer vulnerability also affects all Windows versions, and can be exploited by attackers with limited local accounts to escalate privileges and run code with admin rights. There is currently no official Microsoft security patch for it, and every version of Windows is exposed to the zero-day hack. The only remedy for Windows users and enterprise systems administrators is to wait for a new official Microsoft security patch, or rely on a temporary unofficial third party micropatch.

See more on BleepingComputer


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About