All Windows versions vulnerable to new Zero Day

New Windows Zero-Day vulnerability affects all versions of Windows, including fully patched installations of Windows 11 and Windows Server 2022.

Nov 26, 2021 - 16:37
 31
All Windows versions vulnerable to new Zero Day

New Windows Zero-Day vulnerability affects all versions of Windows, including fully patched installations of Windows 11 and Windows Server 2022.

Jason Schultz, technical leader at Talos Security Intelligence & Research Group, shared details about the vulnerability, which stems from a previous Windows Installer bug that Microsoft thought it had patched earlier this month (CVE-2021-41379). The original vulnerability allowed a user with a limited account to increase their privileges and delete targeted files on the system. However, this new vulnerability seems to be more serious.

Security researcher Abdelhamid Naceri, to whom Microsoft acknowledged their help in patch notes CVE-2021-41379, did a patch analysis and found that "the bug was not properly fixed," writes PC Mag. Abdelhamid posted details on GitHub and explained that this variant is more powerful than the original because it completely bypasses the Group policy included in the Windows administrative installation function. The effect of an attack is that an attacker can replace any executable file on the system with an MSI file and can run the code as an administrator.

There is currently no patch to fix this vulnerability and malware samples were discovered by accident. So, it's a known vulnerability, and if no one has abused it yet, it will happen pretty quickly. Abdelhamid believes that the only action users can take is to wait for Microsoft to release another security patch due to the complexity of the vulnerability, and " any attempt to directly patch a binary will ruin the Windows installer. "