All Windows PCs at risk after Microsoft fails to fix zero-day exploit
Cisco's Talos Security Intelligence & Research Group has published a new report detailing its discovery of a zero-day exploit that affects all versions of Windows, including fully updated Windows 11 machines. The team describes the flaw as an "elevation of privilege" vulnerability in the Windows Installer, and says it has also observed several malware samples targeting this particular vulnerability.
According to Cisco Talos, the zero-day exploit affects "every version" of Windows, including Windows Server 2022 and Windows 11 machines with all available security patches installed. The team pointed to the previously disclosed elevation-of-privilege vulnerability CVE-2021-41379, stating that the fix shipped with Microsoft's monthly security update on November 9 failed to adequately address the exploit.
The vulnerability was first discovered by security researcher Abdelhamid Naceri, who published a new proof of concept earlier this week (via GitHub) showing that the Windows Installer can still be exploited despite the security patch. Talos explained that malicious actors can abuse the vulnerability to replace an executable file with their own MSI, allowing them to run their own code on the victim's machine with elevated privileges.
What makes this new vulnerability potentially worse than the one Microsoft attempted to patch earlier this month is its scope. The originally discovered flaw allowed someone with a limited Windows account to gain administrator rights and delete files on the PC; however, it did not let an intruder modify or view any existing system files.
Talos warns that the published proof-of-concept code "will certainly encourage additional misuse of this vulnerability." The team did not describe the malware it found in the wild targeting this exploit, noting only that the samples "try to take advantage of this vulnerability."
Unfortunately, Microsoft does not yet have a security patch available to address the zero-day exploit. Even if the vulnerability is not yet being actively exploited, security firms suggest it is likely only a matter of time before malicious actors use it. This, of course, raises the question of why Naceri chose to publish the exploit code rather than notifying Microsoft and waiting for a fix to be released.
The people at BleepingComputer had the same question and obtained a statement from Naceri about it. According to the researcher, Microsoft's declining bug bounty payouts were the catalyst for the decision to publish the findings. Although Microsoft is aware of the problem, it has not given a release date for a fix for the new bug. If the previous discovery is any indication, we will likely see the update arrive with the next Patch Tuesday, which falls on the second Tuesday of every month.