Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild

Attackers are actively attempting to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully patched systems, once again demonstrating how quickly adversaries move to weaponize a publicly available exploit.

Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this vulnerability."

Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was initially resolved as part of Microsoft's Patch Tuesday updates for November 2021.


However, in what is a case of an insufficient patch, Naceri found that it was not only possible to bypass the fix implemented by Microsoft but also to achieve local privilege escalation via a newly discovered zero-day bug.

The proof-of-concept (PoC) exploit, dubbed "InstallerFileTakeOver," works by overwriting the discretionary access control list (DACL) of the Microsoft Edge Elevation Service to replace any executable file on the system with an MSI installer file, allowing an attacker to run code with SYSTEM privileges.
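As an added defensive check (example code, not from the article or from the researcher's PoC): a PowerShell audit that resolves every installed service's binary, the Edge Elevation Service included, and reports DACL entries that grant write-class rights to low-privilege principals, which is the end state a DACL overwrite like the one described above leaves behind. The list of low-privilege principals and the treatment of the service `PathName` string are assumptions of this example.

```powershell
# Added example, not part of the article. Flags service binaries whose DACL
# lets a low-privilege principal write to, replace, or re-ACL the file.
function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Service PathName may be quoted, unquoted with spaces, or carry arguments.
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^(.*?\.exe)') { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

function Get-WeakServiceBinaryAces {
    param([Parameter(Mandatory)][string]$Path)
    # Assumption: these principals should never hold write rights on a service binary.
    $lowPriv = @('Everyone', 'BUILTIN\Users',
                 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    # Any of these rights lets the holder alter or swap out the binary.
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                 [System.Security.AccessControl.FileSystemRights]::Delete -bor
                 [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                 [System.Security.AccessControl.FileSystemRights]::TakeOwnership
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($lowPriv -notcontains $id) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Owner     = $acl.Owner
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Walk every service on the host; an empty result means no weak ACE was found.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $bin = Get-ServiceBinaryPath $_.PathName
        if (Test-Path -LiteralPath $bin) { Get-WeakServiceBinaryAces -Path $bin }
    } | Format-Table -AutoSize
```

Run it from an elevated prompt so every service binary is readable, and compare the Owner column against the expected SYSTEM, Administrators, or TrustedInstaller owner as well as the flagged ACE.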

An attacker with admin privileges could then abuse the access to gain full control over the compromised system, including the ability to download additional software and to modify, delete, or exfiltrate sensitive data stored on the machine.


"Can confirm this works, local priv esc. Tested on Windows 10 20H2 and Windows 11. The prior patch MS issued didn't fix the issue properly," tweeted security researcher Kevin Beaumont, corroborating the findings.

Naceri noted that the latest variant of CVE-2021-41379 is "more powerful than the original one," and that the best course of action would be to wait for Microsoft to release a security patch for the problem "due to the complexity of this vulnerability."

It isn't exactly clear when Microsoft will act on the public disclosure and release a fix. We have reached out to the company for comment, and we will update the story if we hear back.
