
Microsoft Failed to Fix a Zero-Day and Now Every Version of Windows is at Risk – Gizmodo | bagyunas


Photo: Sam Rutherford

After Microsoft failed to fix the flaw, every version of Windows is at risk from a terrible zero-day vulnerability.

The exploit is currently a proof-of-concept, but researchers believe the ongoing small-scale testing and tweaking of this exploit is laying the groundwork for a broader attack.

“During our research, we looked at the latest malware samples and were able to identify a few [bad actors],” Nic Biasini, Cisco Talos’ head of outreach, told BleepingComputer. “Because volume is low, this is likely people working with proof of concept code or testing for future campaigns.”

The vulnerability exploits a Windows Installer bug (CVE-2021-41379) that Microsoft thought it had patched earlier this month. The flaw lets users elevate local privileges to SYSTEM privileges, the highest user rights available in Windows. Once installed, malware creators can use these privileges to replace any executable on the system with an MSI file to run the code as administrator. In short, they can take over the system.

Over the weekend, security researcher Abdelhamid Naceri, who discovered the first flaw, posted proof-of-concept exploit code on GitHub that works despite Microsoft’s patch release. Worse still, Naceri believes this new version is even more dangerous, as it bypasses the group policy found in the administrator installation of Windows.

“This variant was discovered during the analysis of patch CVE-2021-41379. However, the bug was not correctly fixed instead of lowering the bypass. I really chose to drop this variant because it is more powerful than the original,” Naceri wrote.

BleepingComputer tested Naceri’s exploit and “in a few seconds” used it to open a command prompt with SYSTEM permissions from an account with “standard” privileges.

You shouldn’t be too worried just yet, but this vulnerability could put billions of systems at risk if allowed to spread. It is worth reiterating that this vulnerability gives attackers administrative privileges on the latest Windows operating system versions, including Windows 10 and Windows 11; we are talking about more than 1 billion systems. This is not a remote exploit, so malicious people would need physical access to your device to carry out the attack.

Microsoft tagged the initial vulnerability as moderate, but Jaeson Schultz, technical leader of Cisco’s Talos Security Intelligence and Research Group, stressed in a blog post that the existence of functional proof-of-concept code means the clock is ticking on Microsoft releasing a patch that really works. In its current form, there are no fixes or workarounds for this flaw.

Naceri told BleepingComputer that he did not notify Microsoft of the vulnerability before it went public, as a way to protest smaller payments in Microsoft’s bug bounty program. He advises against third-party companies releasing their own patches because doing so could break the Windows loader.

Microsoft is aware of the vulnerability but has not provided a timeline for when it will release a hotfix.

“We are aware of the disclosure and will do whatever it takes to ensure the safety and protection of our customers. An attacker using the methods described should already have access and the ability to run code on the target victim’s machine,” Microsoft told BleepingComputer.

The company usually releases patches on “Patch Tuesday,” the second Tuesday of each month. We’ve reached out to Microsoft for details and will update this article if we get more details.


Read the Article and More (Microsoft Couldn’t Fix a Zero-Day and Now Every Version of Windows Is At Risk – Gizmodo) https://ift.tt/3COttDx Technology
