Categories: NewsTechWindows

They discover a zero day exploit allows to acquire administrator privileges on computers with Windows 10, 11 and Windows Server

Despite Microsoft’s efforts to make its operating system a safe environment, the truth is that threats appear almost periodically that put the development of the American company in check. And that’s what one researcher has discovered by revealing a exploit that allows to obtain administrator permissions.

A new security breach that can make it easier for an attacker to gain administrator privileges and affects both Windows 10 and Windows 11 and Windows Server 2022. A zero-day vulnerability that leaves a team totally exposed.

No solution for now

Exploit discovered. Github Image

This is a security breach discovered by researcher Abdelhamid Naceri, who found a zero-day elevation of privilege vulnerability that managed to overcome the patch released by Microsoft on Patch Tuesday launched in November under the number CVE-2021-41379.

In Engadget Windows

Are you worried if a file might be infected? These antivirus do not require installation and can get you out of more than one trouble

The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022 and patch CVE-2021-41379 has not fixed it. If an attacker takes advantage of it, they can gain administrator privilege access to a computer.

In fact, since BleepingComputer claim that they have tested the exploit (InstallerFileTakeOver) and have managed to open the command prompt with administrator privileges from an account with standard privileges on a Windows 10 21H1 Build 19043.1348 computer.

To demonstrate how it works, Abdelhamid Naceri published details of how the exploit works in GitHub, explaining that works on all supported versions of Windows. In passing, he explains that although group policies can be configured to prevent unprivileged users from performing operations with MSI files, this exploit renders this measure useless.

The reason why Abdelhamid Naceri is due to the frustration over falling Microsoft payments in the bug bounty program.

{“videoId”: “x85g2v7”, “autoplay”: true, “title”: “TOP APPS WINDOWS 11: 11 ESSENTIAL programs for your new WINDOWS”}

It is expected that Microsoft will fix this zero-day vulnerability in an upcoming update on Patch Tuesday. For now, the discoverer cautions that it is not advisable to try to fix the vulnerability by patching the binaryas it will probably break the installer.

Via | Bleeping Computer

More information | GitHub

(function () {window._JS_MODULES = window._JS_MODULES || {}; var headElement = document.getElementsByTagName (‘head’)[0]; if (_JS_MODULES.instagram) {var instagramScript = document.createElement (‘script’); instagramScript.src = “https://platform.instagram.com/en_US/embeds.js”; instagramScript.async = true; instagramScript.defer = true; headElement.appendChild (instagramScript); }}) ();


The news

They discover a zero day exploit allows to acquire administrator privileges on computers with Windows 10, 11 and Windows Server

was originally published in

Engadget Windows

by Jose Antonio Carmona.

Me Time Tech

Recent Posts

Exploring the Top 5 Voice AI Alternatives: What Sets Them Apart?

Exploring the Top 5 Voice AI Alternatives: What Sets Them Apart?

5 months ago

How iGaming Platforms Ensure Seamless Integration of Casino Games and Sports Betting?

How iGaming Platforms Ensure Seamless Integration of Casino Games and Sports Betting?

6 months ago

The Rise of Spatial Computing: Evolution of Human-Computer Interaction

The Rise of Spatial Computing: Evolution of Human-Computer Interaction

9 months ago

Top 10 Benefits of AWS

Top 10 Benefits of AWS

10 months ago

Data Loss on Windows? Here’s How Windows Recovery Software Can Help

Data Loss on Windows? Here's How Windows Recovery Software Can Help

1 year ago

Integrating Widgets Seamlessly: Tips for Smooth Implementation and Functionality

Integrating Widgets Seamlessly: Tips for Smooth Implementation and Functionality

1 year ago