Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem.

Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates. However, after examining the fix, Naceri found a bypass as well as an even more concerning zero-day privilege-elevation bug.

The researcher posted a proof of concept (POC) exploit Tuesday on GitHub for the newly discovered bug that he said works on all currently supported versions of Windows. If exploited, the POC, called InstallerFileTakeOver, gives an actor administration privileges in Windows 10, Windows 11 and Windows Server when logged onto a Windows machine with Edge installed.

Peer Research Confirms Exploit and Active Attacks

Researchers at Cisco Talos Security Intelligence and Research Group as well as others confirmed the POC can be reproduced as well as corroborating evidence that threat actors were already exploiting the bug.

“This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022,” according to a post on the Cisco Talos blog by Jaeson Schultz, technical leader for Cisco Talos. “Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability.”