Windows 10 and Windows 11 users are still at risk from a bug for which Microsoft has already pushed out a patch, because that patch has not resolved the issue. The dangerous vulnerability affects all versions of Windows and, if exploited, allows threat actors to escalate privileges and run code with admin rights. Microsoft tried to address the issue with a security patch last month that was meant to stop the Windows 10 and 11 vulnerability in its tracks.
Instead, however, the bug is now “more powerful” than ever before.
That’s according to Abdelhamid Naceri, the researcher who discovered the Windows 10 and Windows 11 flaw in the first place.
This was explained in a GitHub post, where Naceri published a proof-of-concept exploit for the InstallerFileTakeOver vulnerability, following a November 2021 patch that was meant to fix it.
Naceri wrote: “This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly; however, instead of dropping the bypass, I have chosen to actually drop this variant as it is more powerful than the original one.”
Security platform 0patch has released a stop-gap fix for this bug, but Naceri said the best thing to do is to wait until Microsoft releases an official patch that addresses the vulnerability.
The researcher wrote: “The best workaround available at the time of writing this, is to wait for Microsoft to release a security patch. Due to the complexity of this vulnerability, any attempt to patch the binary directly will break Windows Installer. So you’d better wait and see how/if Microsoft will screw the patch up again.”
Hopefully it won’t take much longer for an official fix to be released: Microsoft says it is aware of the problem and is working on a new update.
Speaking to Bleeping Computer, a Microsoft spokesperson said: “We are aware of the disclosure and will do what is necessary to keep our customers safe and protected.
“An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.”
Elsewhere, Cisco Talos has said that they’ve seen examples of this vulnerability being exploited in the wild.
Nick Biasini, the firm’s head of outreach, said: “During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit.
“Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponise a publicly available exploit.”
Published at Tue, 14 Dec 2021 07:30:00 +0000