Despite Microsoft’s efforts to make its operating system a safe environment, threats keep appearing that put the American company’s work to the test. The latest comes from a researcher who has revealed an exploit that allows an attacker to obtain administrator permissions.
This new security flaw can make it easier for an attacker to gain administrator privileges, and it affects Windows 10, Windows 11 and Windows Server 2022. It is a zero-day vulnerability that leaves a computer totally exposed.
No solution for now
The flaw was discovered by researcher Abdelhamid Naceri, who found a zero-day elevation of privilege vulnerability that bypasses the patch Microsoft released on November’s Patch Tuesday for CVE-2021-41379.
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022, and the CVE-2021-41379 patch has not fixed it. An attacker who takes advantage of it can gain administrator-level access to a computer.
In fact, BleepingComputer reports that it tested the exploit (InstallerFileTakeOver) and managed to open a command prompt with administrator privileges from an account with standard privileges on a computer running Build 19043.1348 of Windows 10 21H1.
Abdelhamid Naceri posted details of how the exploit works, explaining that it works on all supported versions of Windows. He also explains that although group policies can be configured to prevent unprivileged users from performing operations with MSI files, this exploit renders that measure useless. Naceri’s reason for publishing it is frustration over Microsoft’s drop in payments on the bug bounty program.
It is hoped that Microsoft will fix this zero-day vulnerability in an upcoming Patch Tuesday update. For now, the discoverer cautions that it is not advisable to try to fix the vulnerability by patching the binary, as it will likely break the installer.