 New zero-day vulnerability in Windows Installer, affects all versions of Microsoft's OS

TSdaisiesdontdoit92
post Nov 27 2021, 06:16 AM, updated 4y ago

On my way
****
Junior Member
580 posts

Joined: Jan 2020


Microsoft already launched an update to address the vulnerability, but it wasn't enough to solve the issue.

In brief: Computer security group Cisco Talos has found a new vulnerability that affects every Windows version to date, including Windows 11 and Server 2022. The vulnerability exists in the Windows Installer and allows hackers to elevate their privileges to become an administrator.

The discovery of this vulnerability led the Cisco Talos group to update its Snort rules, which consist of rules to detect attacks targeting a list of vulnerabilities. The updated list of rules includes the zero-day elevation of privilege vulnerability, as well as new and modified rules for emerging threats from browsers, operating systems and network protocols, among others.

Exploiting this vulnerability allows hackers with limited user access to elevate their privileges, acting as an administrator of the system. The security firm has already found malware samples out on the Internet, so there's a good chance someone already fell victim to it.

The vulnerability had been previously reported to Microsoft by Abdelhamid Naceri, a security researcher at Microsoft, and was supposedly patched with the fix for CVE-2021-41379 on November 9. However, the patch didn't seem to be enough to fix the issue, as the problem persists, leading Naceri to publish the proof-of-concept on GitHub.

In simple terms, the proof-of-concept shows how a hacker can replace any executable file on the system with an MSI file using the discretionary access control list (DACL) for Microsoft Edge Elevation Service.

Microsoft rated the vulnerability as "medium severity," with a base CVSS (Common Vulnerability Scoring System) score of 5.5 and a temporal score of 4.8. Now that a functional proof-of-concept exploit code is available, others could try to further abuse it, possibly increasing these scores. At the moment, Microsoft has yet to issue a new update to mitigate the vulnerability.

Naceri seems to have tried to patch the binary himself, but with no success. Until Microsoft patches the vulnerability, the Cisco Talos group recommends those using a Cisco secure firewall to update their rule set with Snort rules 58635 and 58636 to keep users protected from the exploit.

https://www.techspot.com/news/92368-new-zer...ffects-all.html
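The article says the proof-of-concept abuses the discretionary access control list (DACL) of the Microsoft Edge Elevation Service to swap out an executable. Until a patch lands, a defender mostly wants to know whether that service binary is still intact on a given host. The following PowerShell check is an added example for this thread, not code from the article, from Naceri's PoC or from Cisco Talos; it assumes the service name MicrosoftEdgeElevationService and the binary name elevation_service.exe, neither of which the article states, and it only reads the ACL, the Authenticode signature and the service path without changing anything.

```powershell
# Added example, not from the article or the forum post.
# Read-only sanity check of the Edge Elevation Service binary the PoC is reported to abuse.
# Assumptions (not stated on the page): the service is registered as
# 'MicrosoftEdgeElevationService' and its binary is elevation_service.exe.
# Run from an elevated PowerShell prompt so Get-Acl can read the DACL.

$ServiceName = 'MicrosoftEdgeElevationService'   # assumed service name

# Identities that may legitimately hold write access to a service binary.
$TrustedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { Write-Warning "Service $ServiceName not found on this host"; return }

# PathName may be quoted and may carry arguments; pull out just the executable path.
$exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
Write-Host "Service binary: $exe"

$findings = @()

# 1. DACL: any Allow ACE granting write-class rights to an untrusted identity means the
#    binary can be replaced by a low-privileged user. Generic rights sometimes show up as
#    raw integers in FileSystemRights; those are reported as-is rather than classified.
$acl = Get-Acl -Path $exe
foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $rights = $ace.FileSystemRights.ToString()
    $writeClass = $rights -match 'FullControl|Modify|Write|TakeOwnership|ChangePermissions'
    $untrusted  = $TrustedWriters -notcontains $ace.IdentityReference.Value
    if ($untrusted -and ($writeClass -or $rights -match '^-?\d+$')) {
        $findings += "Write-class or generic rights for $($ace.IdentityReference): $rights"
    }
}
if ($TrustedWriters -notcontains $acl.Owner) { $findings += "Unexpected owner: $($acl.Owner)" }

# 2. Signature: a replaced executable will not carry a valid Microsoft Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $exe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    $findings += "Signature status '$($sig.Status)', signer: $($sig.SignerCertificate.Subject)"
}

# 3. Location: the service should not have been repointed outside Program Files.
if ($exe -notmatch '^[A-Za-z]:\\Program Files') { $findings += "Service binary outside Program Files: $exe" }

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "No anomalies found for $ServiceName"
}
```

A clean result only tells you the binary has not been tampered with at the moment the script ran; it does not prove the host is not vulnerable, so the Snort rules the article mentions and the eventual Microsoft fix are still the real mitigation.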




stasio
post Nov 28 2021, 11:54 AM

10k Club
********
All Stars
18,503 posts

Joined: Oct 2007
From: P.Jaya
You missed the section where to post this info..... sure not here.....
TSdaisiesdontdoit92
post Nov 30 2021, 12:58 AM
QUOTE(stasio @ Nov 28 2021, 11:54 AM)
You missed the section where to post this info..... sure not here.....

Where do you think I should post this then? This is Windows related.
stasio
post Nov 30 2021, 01:46 AM
https://forum.lowyat.net/Software
