Security News > 2021 > November > After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable.
Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was "Not fixed correctly."
So he created and made available on GitHub a reliable proof-of-concept exploit that - others have confirmed - works on fully patched Windows 10, 11, and Windows Server 2022.
For the exploit to work, an attacker must already have access to the targeted Windows machine and Microsoft Edge must be installed on it.
There is currently no official workaround to mitigate the risk posed by this flaw and its failed patch.
Any attempt to patch the binary directly will break Windows Installer, Naceri notes, so users' and admins' best bet is to wait for Microsoft to come up with a new patch that actually works.
News URL
https://www.helpnetsecurity.com/2021/11/24/cve-2021-41379/
Related news
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
- LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (source)
- Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-41379 | Link Following vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 0.0 |