www.fudzilla.com
194.36.44.31

URL: https://www.fudzilla.com/news/53930-windows-zero-day-makes-you-an-admin
Submission: On November 25 via api from US — Scanned from DE

Text Content

Published in News


WINDOWS ZERO-DAY MAKES YOU AN ADMIN

by Nick Farrell on 24 November 2021

   
It's good to be the King

A security researcher has publicly disclosed an exploit for a new Windows
zero-day local privilege elevation vulnerability that turns a hacker into an
admin.

The exploit works in Windows 10, Windows 11, and Windows Server and was supposed
to have been fixed in the November 2021 Patch Tuesday.

Vole's 'Windows Installer Elevation of Privilege Vulnerability' is tracked as
CVE-2021-41379 and was spotted by security researcher Abdelhamid Naceri.

But Naceri found a bypass to the patch and a more powerful new zero-day
privilege elevation vulnerability after examining Microsoft's fix. He published
a working proof-of-concept exploit for the new zero-day on GitHub, explaining
that it works on all supported versions of Windows.

"This variant was discovered during the analysis of CVE-2021-41379 patch. The
bug was not fixed correctly, however, instead of dropping the bypass, I have
chosen to actually drop this variant as it is more powerful than the original
one."

Naceri explained that while it is possible to configure group policies to
prevent 'Standard' users from performing MSI installer operations, his zero-day
bypasses this policy and will work anyway. His 'InstallerFileTakeOver' exploit
took only a few seconds to gain SYSTEM privileges from a test account with
'Standard' privileges.

Naceri said he is hacked off with Vole over the decreasing payouts in its bug
bounty programme, so he is releasing the exploit. He recommends users wait for
Microsoft to release a security patch, as attempting to patch the binary will
likely break the installer. We guess that they will be rushing to do this a
little quicker.

A Microsoft spokesperson said in a statement: "We are aware of the disclosure
and will do what is necessary to keep our customers safe and protected. An
attacker using the methods described must already have access and the ability to
run code on a target victim's machine."

 

Last modified on 24 November 2021

Tagged under
 * windows zeroday



