Attackers are actively exploiting a Windows Installer zero-day vulnerability that came to light when a patch Microsoft issued for another security hole turned out to fix that original problem only partially.

Security researcher Abdelhamid Naceri discovered the Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379, which Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates. Over the weekend, after examining the fix, Naceri found a bypass as well as an even more concerning zero-day privilege-elevation bug. On Tuesday the researcher posted a proof-of-concept (PoC) exploit on GitHub for the newly discovered bug, which he said works on all currently supported versions of Windows. If exploited, the PoC, called InstallerFileTakeOver, gives an actor administrator privileges on Windows 10, Windows 11 and Windows Server when logged onto a Windows machine with Edge installed.

Peer Research Confirms Exploit and Active Attacks

Researchers at the Cisco Talos Security Intelligence and Research Group, as well as others, confirmed that the PoC can be reproduced and corroborated evidence that threat actors were already exploiting the bug. “This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022,” according to a post on the Cisco Talos blog by Jaeson Schultz, technical leader for Cisco Talos. “Talos has already detected malware samples in the wild that are attempting to take…