Malware now trying to exploit new Windows Installer zero-day
Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend.
On Sunday, Naceri published a working proof-of-concept exploit for this new zero-day, saying it works on all supported versions of Windows.
If successfully exploited, this bypass gives attackers SYSTEM privileges on up-to-date devices running the latest Windows releases, including Windows 10, Windows 11, and Windows Server 2022.
SYSTEM privileges are the highest user rights available to a Windows user and make it possible to perform any operating system command.
BleepingComputer has tested Naceri's exploit and used it to successfully open a command prompt with SYSTEM permissions from an account with low-level 'Standard' privileges.
"Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again."