Rewterz Threat Advisory – CVE-2021-41379 – New Windows Zero Day Exploited for Privilege Escalation

Severity

High

Analysis Summary

A security researcher has publicly disclosed an exploit for a new Windows zero day privilege escalation vulnerability which can lead to privilege escalation and give admin access to all supported versions of Windows 10, 11 and Windows Server 2022. 

This vulnerability was already patched in Microsoft’s patch Tuesday tracked as CVE-2021-41379. But according to security researcher “Naceri” who discovered a new variant while analyzing the previous vulnerability wrote in his blogpost that the bug was not fixed correctly and this variant is more powerful than the originally discovered variant. Naceri also explained, that while it is possible to configure group policies to prevent ‘Standard’ users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway.

CVE-2021-41379 

Microsoft Windows could allow a locally authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Impact

• Privilege Escalation

Affected Vendors

Microsoft

Affected Products

• All supported versions of Windows 10 11 and Windows Server 2022

Remediation

Microsoft is likely to patch the vulnerability in the upcoming Microsoft Patch Tuesday update.

Furthermore, users are advised to patch the previously exploited CVE-2021-41379 vulnerability from Microsoft updates.