Malware now trying to exploit new Windows Installer zero-day (November 2021)
Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend.
On Sunday, Naceri published a working proof-of-concept exploit for this new zero-day, saying it works on all supported versions of Windows.
If successfully exploited, this bypass gives attackers SYSTEM privileges on up-to-date devices running the latest Windows releases, including Windows 10, Windows 11, and Windows Server 2022.
SYSTEM privileges are the highest user rights available to a Windows user and make it possible to perform any operating system command.
BleepingComputer has tested Naceri's exploit and used it to successfully open a command prompt with SYSTEM permissions from an account with low-level 'Standard' privileges.
"Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again."