Talos Security Intelligence and Research Group has published a new report detailing its discovery of a zero-day exploit affecting all Windows versions, including recently updated Windows 11 machines. The group describes the flaw as an elevation of privilege vulnerability that affects Windows Installer, and also notes that some malware already in circulation targets this specific vulnerability.
According to Cisco Talos, the zero-day exploit covers “each variant” of Windows, including Windows Server 2022 and Windows 11 machines that have all of the security patches installed. The group points to the recently discovered CVE-2021-41379 elevation of privilege vulnerability, asserting that the fix included with the monthly Windows security update on November 9 failed to adequately address the exploit.
The vulnerability was first found by security researcher Abdelhamid Naceri, who recently published a new proof of concept (via GitHub) showing that Windows Installer can still be exploited despite the security fix. Talos explains that malicious actors can use the vulnerability to replace any existing executable file with their own MSI and run their own code on the victim’s machine with elevated privileges.
That potentially makes this new vulnerability more severe than the one Microsoft attempted to fix recently. The originally discovered issue was found to allow someone with a limited Windows account to gain administrator privileges so they could delete files on a PC; it did not, however, allow the intruder to modify or view any of the system’s existing files.
Talos warns that the published proof-of-concept code “will absolutely drive extra maltreatment of this weakness.” The group did not elaborate on the malware it found in the wild that targets this exploit, noting only that they “are endeavoring to exploit this weakness.”