Rewterz Threat Advisory – Multiple Microsoft Edge Vulnerabilities
November 23, 2021
Rewterz Threat Alert – Trickbot Malware – Active IOCs
November 23, 2021
Severity
High
Analysis Summary
A security researcher has publicly disclosed an exploit for a new Windows zero-day privilege escalation vulnerability that gives admin access on all supported versions of Windows 10, 11 and Windows Server 2022.
The original vulnerability, tracked as CVE-2021-41379, was already patched in Microsoft’s Patch Tuesday. However, security researcher “Naceri”, who discovered a new variant while analyzing the previous vulnerability, wrote in his blog post that the bug was not fixed correctly and that this variant is more powerful than the originally discovered one. Naceri also explained that, while it is possible to configure group policies to prevent ‘Standard’ users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway.
CVE-2021-41379
Microsoft Windows could allow a locally authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Privilege Escalation
Affected Vendors
Microsoft
Affected Products
- All supported versions of Windows 10, 11 and Windows Server 2022
Remediation
Microsoft is likely to patch the vulnerability in the upcoming Microsoft Patch Tuesday update.
Furthermore, users are advised to apply the Microsoft updates that patch the previously exploited CVE-2021-41379 vulnerability.