Security News > 2021 > November > New Windows zero-day with public exploit lets you become an admin

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.
Yesterday, Naceri published a working proof-of-concept exploit for the new zero-day on GitHub, explaining that it works on all supported versions of Windows.
00 bounty award under the Windows Insider Preview Bounty Program.
As is typical with zero days, Microsoft will likely fix the vulnerability in a future Patch Tuesday update.
"Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again."
News URL
Related news
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)