Zero-day in Microsoft Windows version.
New zero-day vulnerability in Windows 10, Windows 11, and Windows Server makes it possible for any user to take control of a device. The vulnerability affects all supported versions of Windows, and it allows an attacker with limited access to an infected device to elevate their privileges so that they can spread across the network.
The ‘InstallerFileTakeOver’ exploit works on Windows 10, Windows 11, and Windows Server and can be chained with other exploits to fully take over a computer network.
The vulnerability was discovered by security researcher Abdelhamid Naceri as a bypass to a Microsoft patch in response to CVE-2021-41379.
In a statement Microsoft played down the risk, saying:
“We are aware of the disclosure and will do what is necessary to keep our customers safe and protected. An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.”
BleepingComputer reported that hackers have already started exploring the hack.
“Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability,” said Jaeson Schultz, Technical Leader for Cisco’s Talos Security Intelligence and Research Group.
The hackers appear to still be in the development phase of their malware.
“During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit,” said Cisco Talos’ Head of Outreach Nick Biasini. “Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponize a publicly available exploit.”
“Microsoft bounties has been trashed since April 2020, I really wouldn’t do that if MSFT didn’t take the decision to downgrade those bounties,” explained Naceri.
Hope Microsoft will fix the remaining security vulnerabilities in the next patch day.
