Hackers at large are using a new Windows Installer zero-day exploit


“We have found malware samples in the wild that are attempting to exploit this issue,” Cisco Talos said.

Attackers are attempting to use a new variation of a recently reported privilege escalation vulnerability to possibly execute arbitrary code on fully patched computers, highlighting how adversaries may weaponize a publicly accessible exploit swiftly.

The elevation-of-privilege flaw affecting the Windows Installer software component, tracked as CVE-2021-41379 and credited to security researcher Abdelhamid Naceri, was first patched as part of Microsoft’s Patch Tuesday updates for November 2021.

However, in what’s a case of an insufficient patch, Naceri found that it was not only possible to bypass the fix implemented by Microsoft but also achieve local privilege escalation via a newly discovered zero-day bug.

The proof-of-concept (PoC) exploit, dubbed “InstallerFileTakeOver,” works by overwriting the discretionary access control list (DACL) for Microsoft Edge Elevation Service to replace any executable file on the system with an MSI installer file, allowing an attacker to run code with SYSTEM privileges.

An attacker with admin privileges could then abuse the access to gain full control over the compromised system, including the ability to download additional software, and modify, delete, or exfiltrate sensitive information stored in the machine.
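Because the PoC works through the access control list of the Microsoft Edge Elevation Service, a defender can audit that service's binary for an unexpected signature, owner or write permission. The PowerShell below is an added example, not code from the article or from the PoC; the service name `MicrosoftEdgeElevationService` and the list of trusted principals are assumptions to adjust for your environment.

```powershell
# Added example: integrity audit of the Microsoft Edge Elevation Service binary.
# Assumption: the service is registered as 'MicrosoftEdgeElevationService'.
$svc = Get-CimInstance Win32_Service -Filter "Name='MicrosoftEdgeElevationService'"
if (-not $svc) { Write-Output 'Edge Elevation Service is not installed.'; return }

# PathName may be quoted and may carry arguments; keep only the .exe path.
if ($svc.PathName -match '^\s*"?(.+?\.exe)') {
    $path = $Matches[1]
} else {
    throw "Cannot parse service path: $($svc.PathName)"
}

# Assumption: only these principals should be able to modify the binary.
$trusted = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing the file or rewriting its DACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $path

# Allow entries that grant write-class rights to anyone outside the trusted set.
$writers = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
    $_.IdentityReference.Value -notin $trusted
}

$sig = Get-AuthenticodeSignature -LiteralPath $path

[pscustomobject]@{
    Path              = $path
    ServiceAccount    = $svc.StartName
    SignatureStatus   = $sig.Status
    Signer            = $sig.SignerCertificate.Subject
    OwnerSid          = $acl.GetOwner($sidType).Value
    UnexpectedWriters = @($writers | ForEach-Object { $_.IdentityReference.Value })
}
```

A signature status other than `Valid`, a signer that is not Microsoft, an owner outside the trusted list, or any entry in `UnexpectedWriters` is worth investigating.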

“Can confirm this works, local priv esc. Tested on Windows 10 20H2 and Windows 11. The prior patch MS issued didn’t fix the issue properly,” tweeted security researcher Kevin Beaumont, corroborating the findings.

Naceri noted that the latest variant of CVE-2021-41379 is “more powerful than the original one,” and that the best course of action would be to wait for Microsoft to release a security patch for the problem “due to the complexity of this vulnerability.”

It’s not exactly clear when Microsoft will act on the public disclosure and release a fix. We have reached out to the company for comment, and we will update the story if we hear back. Researchers report that attackers are attempting to exploit this major security vulnerability. A more powerful version of the zero-day flaw, for which Microsoft released a patch earlier this month, can be actively exploited.[1] The security hole was not properly fixed by the update. The vulnerability can potentially lead to arbitrary code execution on systems that received the patch.[2]

Unfortunately, this shows how quickly publicly available exploits can be weaponized and how serious zero-day flaws are.[3] Recent security warnings and attack reports show that zero-day exploitation can cause real damage and havoc on the systems and networks of major institutions, organizations, and businesses. Code execution on a compromised system can lead to data exfiltration or malware deployment.
