Security News > 2021 > November > After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable.
Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was "Not fixed correctly."
So he created and made available on GitHub a reliable proof-of-concept exploit that - others have confirmed - works on fully patched Windows 10, 11, and Windows Server 2022.
For the exploit to work, an attacker must already have access to the targeted Windows machine and Microsoft Edge must be installed on it.
There is currently no official workaround to mitigate the risk posed by this flaw and its failed patch.
Any attempt to patch the binary directly will break Windows Installer, Naceri notes, so users' and admins' best bet is to wait for Microsoft to come up with a new patch that actually works.
News URL
https://www.helpnetsecurity.com/2021/11/24/cve-2021-41379/
Related news
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-41379 | Link Following vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 0.0 |