A serious zero-day vulnerability affecting all Microsoft Windows systems has been reported in the past few days. According to the details reported by trade publications, it concerns Windows Installer in particular, and through this component it is possible to carry out a privilege escalation attack. This type of exploit allows an attacker to obtain rights that are normally denied to a standard user and, in this specific case, to become the SYSTEM user, the highest in the Windows hierarchy.
The zero-day vulnerability linked to CVE-2021-41379
Researcher Abdelhamid Naceri had previously reported the CVE-2021-41379 vulnerability to Microsoft, which released a corrective patch in the November security updates. Last weekend, however, came a new discovery: Naceri was able to bypass the Microsoft patch and therefore perform privilege escalation without much difficulty.
For the exploit to work, local access to the machine is required, so that commands can be executed as a "standard" user. From there, thanks to the bug in Windows Installer, it is possible to obtain SYSTEM privileges easily and therefore to perform any operation on the attacked machine.
Perhaps the most serious problem is how widespread the vulnerability is: it is present in virtually every version of Windows, including the very latest Windows 11 and Windows Server 2022.
The risks associated with the vulnerability and the appearance of the first malware
According to information reported by Bleeping Computer, malware has also begun to circulate that tests the proof-of-concept for the recent exploit.
Researchers from Cisco's Talos Security Intelligence & Research group have found traces of the first malware, which they believe to be part of testing campaigns. Attack volumes remain low for now, but they give an idea of how much demand there is for new vulnerabilities on the black market.
Microsoft itself has, however, reassured its customers that the attack needs local access to the machine in order to work.
Future scenarios and waiting for a new patch
For the moment, Naceri himself has stated that the best possible workaround is to wait for a release from Microsoft, given the complexity of the vulnerability. In fact, any attempt to fix the problem yourself only breaks Windows Installer and makes it unusable.
While waiting for Microsoft to produce a patch that permanently resolves both the previous vulnerability and the new zero-day, the advice we can always give is to pay close attention to what you download from the Internet. Furthermore, it is always advisable to avoid running software whose exact origin is unknown, so as not to give malicious code any opportunity to execute.