
Attackers Actively Target Windows Installer Zero-Day
2021-11-24 14:09

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole failed to adequately fix that original, unrelated problem.

Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.

The POC, called InstallerFileTakeOver, gives an actor who is logged on to a Windows machine with Edge installed administrator privileges in Windows 10, Windows 11 and Windows Server.

"Can confirm this works, local priv esc," tweeted security researcher Kevin Beaumont, who said he tested it on Windows 10 20H2 and Windows 11.

As detailed by Microsoft, CVE-2021-41379 is a Windows Installer elevation of privilege vulnerability with a rating of low on the Common Vulnerability Scoring System.

The associated POC works in every supported Windows installation, including Windows 11 and Server 2022 with the November 2021 patch, as well as in server installations, Naceri wrote.


News URL

https://threatpost.com/attackers-target-windows-installer-bug/176558/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-41379 | Link Following vulnerability in Microsoft products. Windows Installer Elevation of Privilege Vulnerability (local, low complexity, microsoft, CWE-59) | 5.5 |