All Versions of Windows Are Vulnerable to a New Zero-Day Exploit

Malware writers are already trying to take advantage of this privilege escalation vulnerability.

A new Windows zero-day vulnerability affects all versions of Windows, including fully patched Windows 11 and Windows Server 2022 installations.

Jason Schultz, Technical Leader at Talos Security Intelligence & Research Group, shared details of the vulnerability, which stems from a previous Windows Installer bug that Microsoft thought it had patched earlier this month (CVE-2021-41379). The original vulnerability allowed a user with a limited account to escalate their privileges and delete targeted files on a system. This new vulnerability looks to be more serious, though.

Security researcher Abdelhamid Naceri, who Microsoft acknowledged for their help in the notes of the CVE-2021-41379 patch, did an analysis of the patch and found "the bug was not fixed correctly." Abdelhamid posted details on GitHub and explained how this variant is more powerful than the original because it completely bypasses the group policy included in the administrative install feature of Windows. The knock-on effect being that an attacker can replace any executable file on the system with an MSI file and can run code as an administrator.

Right now, there is no patch to fix this vulnerability and malware samples have been discovered in the wild. So it's a known vulnerability and if it's not being used already it will be pretty soon. Abdelhamid believes the only action users can take is to wait for Microsoft to release another security patch because of the complexity of the vulnerability, and "any attempt to patch the binary directly will break windows installer."

As ever, Windows users should be running a security suite and keeping all their software applications updated as a precaution against any malicious activity. Hopefully the coverage this zero-day exploit is receiving encourages Microsoft to create and release a security patch quickly.

Source