New Windows zero-day with public exploit lets you become an admin
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.
Yesterday, Naceri published a working proof-of-concept exploit for the new zero-day on GitHub, explaining that it works on all supported versions of Windows.
00 bounty award under the Windows Insider Preview Bounty Program.
As is typical with zero-days, Microsoft will likely fix the vulnerability in a future Patch Tuesday update.
"Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again."