A new Windows zero-day vulnerability affects all versions of Windows, including fully patched Windows 11 and Windows Server 2022 installations.
Jason Schultz, Technical Leader at Talos Security Intelligence & Research Group, shared details of the vulnerability, which stems from a previous Windows Installer bug that Microsoft thought it had patched earlier this month (CVE-2021-41379). The original vulnerability allowed a user with a limited account to escalate their privileges and delete targeted files on a system. This new vulnerability looks to be more serious, though.
Security researcher Abdelhamid Naceri, who Microsoft acknowledged for their help in the notes of the CVE-2021-41379 patch, did an analysis of the patch and found "the bug was not fixed correctly." Abdelhamid posted details on GitHub and explained how this variant is more powerful than the original because it completely bypasses the group policy included in the administrative install feature of Windows. The knock-on effect being that an attacker can replace any executable file on the system with an MSI file and can run code as an administrator.
Right now, there is no patch to fix this vulnerability and malware samples have been discovered in the wild. So it's a known vulnerability and if it's not being used already it will be pretty soon. Abdelhamid believes the only action users can take is to wait for Microsoft to release another security patch because of the complexity of the vulnerability, and "any attempt to patch the binary directly will break windows installer."
Recommended by Our Editors
As ever, Windows users should be running a security suite and keeping all their software applications updated as a precaution against any malicious activity. Hopefully the coverage this zero-day exploit is receiving encourages Microsoft to create and release a security patch quickly.
Get Our Best Stories!
Sign up for What's New Now to get our top stories delivered to your inbox every morning.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
https://ift.tt/3xoo2Kj
Bagikan Berita Ini
0 Response to "All Versions of Windows Are Vulnerable to a New Zero-Day Exploit - PCMag.com"
Post a Comment