techno.rentetan.com – Security specialists have warned that a larger campaign exploiting the Windows Installer vulnerability is in its early phases. A cybersecurity researcher believes that every version of Windows is exposed to a zero-day vulnerability after Microsoft failed to properly patch a similar problem. According to experts, small-scale testing and modification of the newly revealed exploit is paving the way for a more widespread attack.
A study of recent malware samples identified several “bad actors” who were already trying to exploit the vulnerability, Cisco Talos head of outreach Nick Biasini said in an interview with BleepingComputer. Because the volume is minimal, these are probably people testing or developing proof-of-concept programs.
The vulnerability stems from CVE-2021-41379, which Microsoft claimed to have fixed earlier this month. With this new variant, a local user can elevate to SYSTEM privileges, the highest level of user rights available on Windows. Once malware writers hold those rights, they can replace any executable file on the system with an MSI file and run programs as an administrator. To put it simply, they have the ability to take over.
Security researcher Abdelhamid Naceri published proof-of-concept exploit code for the vulnerability on GitHub over the weekend, despite Microsoft’s patch release. Worse, Naceri believes this new variant is even more harmful because it bypasses the group policy included in the administrator install of Windows.
Naceri found this new variant while analyzing the CVE-2021-41379 patch: the problem had not been fixed properly. Rather than dropping the bypass, he chose to release this variant, since it is more powerful than the original.
As soon as BleepingComputer ran Naceri’s exploit on an account with “normal” user rights, it was able to open a command prompt with SYSTEM permissions.
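The observable result described above, a standard-user session ending up with a SYSTEM command prompt, is something a defender can hunt for in process-creation telemetry even before a patch exists. The following is an added example, not code from the article, from Cisco Talos or from any vendor tooling. It assumes a Sysmon-like key=value event format and two hypotheses: that a SYSTEM child spawned by a non-SYSTEM parent is anomalous, and, because the article places the bug in the Windows Installer, that an interactive shell running as SYSTEM and parented by msiexec.exe deserves review. The log lines are constructed for the example.

```python
"""Detection sketch for local privilege escalation to SYSTEM.

Added example, not from the article or from any product. The event format
(pipe-separated key=value fields) and the parent/child heuristics are
assumptions; the sample log below is constructed, not real telemetry.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
# Interactive shells whose appearance under SYSTEM from a user session is the
# symptom the article describes (a SYSTEM command prompt from a normal account).
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Hypothetical parent of interest: the Windows Installer service host.
INSTALLER_HOST = "msiexec.exe"

# Constructed, Sysmon-like process-creation events (one per line).
SAMPLE_LOG = """\
pid=4120|image=C:\\Windows\\System32\\cmd.exe|user=DESKTOP\\alice|ppid=3004|parent_image=C:\\Windows\\explorer.exe|parent_user=DESKTOP\\alice
pid=4188|image=C:\\Windows\\System32\\cmd.exe|user=NT AUTHORITY\\SYSTEM|ppid=4120|parent_image=C:\\Users\\alice\\poc.exe|parent_user=DESKTOP\\alice
pid=4200|image=C:\\Windows\\System32\\svchost.exe|user=NT AUTHORITY\\SYSTEM|ppid=712|parent_image=C:\\Windows\\System32\\services.exe|parent_user=NT AUTHORITY\\SYSTEM
pid=4240|image=C:\\Windows\\System32\\cmd.exe|user=NT AUTHORITY\\SYSTEM|ppid=4221|parent_image=C:\\Windows\\System32\\msiexec.exe|parent_user=NT AUTHORITY\\SYSTEM
pid=4260|image=C:\\Windows\\System32\\cmd.exe|user=DESKTOP\\alice|ppid=4221|parent_image=C:\\Windows\\System32\\msiexec.exe|parent_user=DESKTOP\\alice
"""


@dataclass
class ProcEvent:
    pid: int
    image: str
    user: str
    ppid: int
    parent_image: str
    parent_user: str


def parse_event(line: str) -> ProcEvent:
    """Parse one pipe-separated key=value event line into a ProcEvent."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return ProcEvent(
        pid=int(fields["pid"]),
        image=fields["image"],
        user=fields["user"],
        ppid=int(fields["ppid"]),
        parent_image=fields["parent_image"],
        parent_user=fields["parent_user"],
    )


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> Optional[str]:
    """Return the name of the rule an event trips, or None if it looks benign.

    Rule 1: a SYSTEM process whose parent ran as an ordinary user. Legitimate
            SYSTEM work is normally parented by SYSTEM (services.exe, svchost).
    Rule 2: a SYSTEM interactive shell parented by the installer host.
    """
    if ev.user.upper() != SYSTEM_USER:
        return None  # only processes that actually hold SYSTEM matter here
    if ev.parent_user.upper() != SYSTEM_USER:
        return "system_child_of_user_parent"
    if basename(ev.image) in SHELLS and basename(ev.parent_image) == INSTALLER_HOST:
        return "system_shell_from_installer"
    return None


def scan(log_text: str) -> List[Tuple[int, str]]:
    """Run every event in the log through classify(); return (pid, rule) hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        rule = classify(ev)
        if rule:
            hits.append((ev.pid, rule))
    return hits


if __name__ == "__main__":
    for pid, rule in scan(SAMPLE_LOG):
        print(f"pid {pid}: {rule}")
```

Of the five constructed events, only the two that mirror the article's symptom are flagged: pid 4188 (cmd.exe as SYSTEM whose parent poc.exe ran as a normal user) and pid 4240 (a SYSTEM cmd.exe parented by msiexec.exe). A user-mode msiexec.exe spawning a user-mode shell, and services.exe spawning svchost.exe, pass through. Both rules are heuristics and should be tuned against a baseline of the environment's legitimate installer activity before alerting on them.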
If it were allowed to propagate, this vulnerability might put billions of systems at risk, but don’t be alarmed just yet. More than a billion computers could be affected by this vulnerability, which gives hackers access to all current Windows operating systems, including Microsoft’s Windows 10 and Windows 11. Because this is not a remote exploit, bad actors would need access to your device in order to carry out the attack.
In a blog post, Jaeson Schultz, a technical leader for Cisco’s Talos Security Intelligence and Research Group, emphasized that the availability of functional proof-of-concept code means the clock is ticking for Microsoft to issue a real fix. There is currently no workaround or patch for this issue.
When Naceri went public with the bug, he did not give Microsoft advance notice because he wanted to protest Microsoft’s smaller bug bounty payouts. However, he has advised third-party companies not to release their own fixes for the bug, because doing so could cause the Windows Installer to malfunction.
Microsoft is aware of the issue, but has not yet said when a remedy would be made available.
“To ensure the safety and security of our consumers, we are aware of the revelation and will do everything that is necessary. In order to use the methods provided, an attacker must already have access to and the ability to run code on a target victim’s PC,” Microsoft said in a statement to BleepingComputer.
Patch Tuesday, the second Tuesday of every month, is when the corporation releases new security updates.
Update, 2:00 AM: The title and first paragraph of this article have been clarified to identify the source of these vulnerability claims (cybersecurity researcher Abdelhamid Naceri). In response to Gizmodo’s report, Microsoft has clarified that the original problem was fixed; what Naceri claims to have done is bypass the patch, which he says Microsoft did not apply “properly.” Our headline has been changed to reflect this. Microsoft’s response:
This is a distinct vulnerability from the one that was previously reported. According to Microsoft, “CVE-2021-41379 was not fixed.”
The firm has not yet patched Naceri’s latest variant.