Warning: Hackers Exploiting New Windows Installer Zero-Day in the Wild


Attackers are actively attempting to exploit a new variant of a recently disclosed privilege escalation vulnerability to execute arbitrary code on fully patched systems, once again demonstrating how quickly adversaries weaponize a publicly available exploit.

Cisco Talos disclosed that it “detected malware samples in the wild that are attempting to take advantage of this vulnerability.”

Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021.


However, the patch turned out to be insufficient: Naceri found that it was possible not only to bypass the fix implemented by Microsoft but also to achieve local privilege escalation via a newly discovered zero-day bug.

The proof-of-concept (PoC) exploit, dubbed "InstallerFileTakeOver," works by overwriting the discretionary access control list (DACL) of the Microsoft Edge Elevation Service so that any executable file on the system can be replaced with an MSI installer file, allowing an attacker to run code with SYSTEM privileges.

An attacker who has escalated to SYSTEM this way can then take full control of the compromised system, including downloading additional software and modifying, deleting, or exfiltrating sensitive information stored on the machine.
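The takeover the article describes leaves two things a defender can check on a host: the DACL of the Edge Elevation Service binary (which should be writable only by SYSTEM, Administrators and TrustedInstaller) and the binary's content (a replaced file would be an MSI package, not a signed PE). The following PowerShell audit is an added example written for this page, not code from the article, from Naceri's PoC or from Microsoft. It assumes the service is registered as `MicrosoftEdgeElevationService` (check `Get-Service` on your build) and reads the binary path from the service configuration rather than hard-coding it; the function name is hypothetical. Run it in an elevated prompt.

```powershell
# Added example, not from the article or the PoC author. Assumptions are marked.
function Test-EdgeElevationServiceTakeover {
    param(
        # Assumed service name; verify with: Get-Service *Edge*Elevation*
        [string]$ServiceName = 'MicrosoftEdgeElevationService'
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { Write-Warning "Service '$ServiceName' not found"; return }

    # PathName is normally quoted: "C:\...\elevation_service.exe"; fall back to the first token.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
    if (-not (Test-Path -LiteralPath $exe)) { Write-Warning "Binary '$exe' not found"; return }

    # 1. DACL: any Allow ACE granting write-class rights to a principal other than the three
    #    trusted ones is consistent with the DACL overwrite the article describes.
    $acl = Get-Acl -LiteralPath $exe
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                 [System.Security.AccessControl.FileSystemRights]::Delete -bor
                 [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
                 [System.Security.AccessControl.FileSystemRights]::ChangePermissions
    $trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')
    $suspectAces = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $writeMask) -ne 0) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    })

    # 2. Content: a PE file starts with 'MZ'; an MSI package is an OLE compound document
    #    and starts with D0 CF 11 E0. A service binary that is an MSI has been replaced.
    $head = [byte[]]::new(4)
    $fs = [System.IO.File]::OpenRead($exe)
    try { [void]$fs.Read($head, 0, 4) } finally { $fs.Dispose() }
    $isPe  = ($head[0] -eq 0x4D -and $head[1] -eq 0x5A)
    $isMsi = ($head[0] -eq 0xD0 -and $head[1] -eq 0xCF -and $head[2] -eq 0x11 -and $head[3] -eq 0xE0)

    # 3. Authenticode: a tampered or swapped file will not carry a valid signature.
    $sig = Get-AuthenticodeSignature -LiteralPath $exe

    [pscustomobject]@{
        Binary          = $exe
        Owner           = $acl.Owner
        SuspectACEs     = ($suspectAces | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
        HeaderIsPE      = $isPe
        HeaderIsMSI     = $isMsi
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Suspicious      = ($suspectAces.Count -gt 0) -or $isMsi -or (-not $isPe) -or ($sig.Status -ne 'Valid')
    }
}

Test-EdgeElevationServiceTakeover | Format-List
```

A clean result (no suspect ACEs, PE header, valid Microsoft signature) does not prove the host was never exploited: the PoC's name refers to taking over files generally, and an attacker who has already run as SYSTEM can restore the original binary and DACL. Treat this as one indicator to pair with process-creation and file-write telemetry, not as a substitute for Microsoft's eventual fix.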


“Can confirm this works, local priv esc. Tested on Windows 10 20H2 and Windows 11. The prior patch MS issued didn’t fix the issue properly,” tweeted security researcher Kevin Beaumont, corroborating the findings.

Naceri noted that the latest variant of CVE-2021-41379 is “more powerful than the original one,” and that the best course of action would be to wait for Microsoft to release a security patch for the problem “due to the complexity of this vulnerability.”

It’s not exactly clear when Microsoft will act on the public disclosure and release a fix. We have reached out to the company for comment, and we will update the story if we hear back.
