Security News > 2021 > November > Zero-day proof-of-concept exploit lands for Windows make-me-admin vulnerability
The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product.
To be clear, one does need to be logged into a Windows box to elevate one's privileges, and it looks like Edge also needs to be installed - which is hard to avoid in most modern Windows installations these days.
Naceri discovered the security hole while looking into Microsoft's fix for CVE-2021-41379, a vulnerability he had disclosed to the Windows giant previously.
As for the original issue, CVE-2021-41379, the vulnerability was related to the Windows Installer service, which could be abused to delete files or directories.
"Any attempt to patch the binary directly will break Windows Installer," he went on.
The Register contacted Microsoft regarding this vulnerability and will update should the IT goliath respond.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/11/23/windows_lpe/
Related news
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-41379 | Link Following vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 0.0 |