Cybersecurity researchers published an exploit for Windows that allows escalating privileges

Bleeping Computer reported that cybersecurity researcher has published an exploit for a new zero-day vulnerability that can be used to escalate local privileges in all supported versions of Windows, including Windows 10, Windows 11 and Windows Server 2022.

The journalists write that they have already tried the exploit in action and were able to open the command line with SYSTEM privileges using an account with Standard privileges.

BleepingComputer tested Naceri’s ‘InstallerFileTakeOver’ exploit, and it only took a few seconds to gain SYSTEM privileges from a test account with ‘Standard’ privileges, as demonstrated in the video below. The test was performed on a fully up-to-date Windows 10 21H1 build 19043.1348 installs.Bleeping Computer journalists reported.

And posted a video demonstration:

This month, as part of Patch Tuesday, Microsoft patched the Windows Installer privilege escalation vulnerability CVE-2021-41379. This problem was discovered by cybersecurity researcher Abdelhamid Naceri, who has now reported that the patch can be bypassed, and the vulnerability then transforms into a more serious problem.

Naseri has already posted a PoC exploit for the new 0-day issue on GitHub, highlighting that the bug is dangerous for all supported OS versions. Naseri explains that while it is possible to configure Group Policy to prevent Standard users from performing MSI installer operations, a new vulnerability can bypass this policy.

This variant [of the vulnerability] was discovered during the analysis of the patch for CVE-2021-4137: the bug was fixed incorrectly and, on the contrary, provided a workaround [fix]. Any attempt to patch the binary directly will break the windows installer. So, you better wait and see how Microsoft will screw the patch again.the expert writes.

When reporters asked Naseri why he publicly disclosed information about a serious 0-day vulnerability, he replied that he was disappointed with the decrease in the size of rewards in Microsoft’s bug bounty program.

Microsoft’s bug bounty went bad in April 2020. I really would not have done this if MSFT had not made the decision to lower payments.the specialist explained.

Let me remind you that recently we also wrote about another vulnerability in Windows 10 that could allow gaining administrator privileges.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *