
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
2021-11-24 11:28

A local elevation of privilege vulnerability in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable.

Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was "Not fixed correctly."

So he created and made available on GitHub a reliable proof-of-concept exploit that, as others have confirmed, works on fully patched Windows 10, 11, and Windows Server 2022.

For the exploit to work, an attacker must already have access to the targeted Windows machine and Microsoft Edge must be installed on it.

There is currently no official workaround to mitigate the risk posed by this flaw and its failed patch.

Any attempt to patch the binary directly will break Windows Installer, Naceri notes, so users' and admins' best bet is to wait for Microsoft to come up with a new patch that actually works.


News URL

https://www.helpnetsecurity.com/2021/11/24/cve-2021-41379/

Related Vulnerability

DATE: 2021-11-10
CVE: CVE-2021-41379
VULNERABILITY TITLE: Link Following vulnerability in Microsoft products. Windows Installer Elevation of Privilege Vulnerability (local, low complexity, microsoft, CWE-59)
RISK: 5.5