New Windows Installer Zero-Day Exploit Is in the Wild

A recently disclosed Microsoft Windows Installer zero-day vulnerability is now being explored by malware authors. Publicly disclosed by security researcher Abdelhamid Naceri in a GitHub post last Sunday, the vulnerability allows local privilege escalation from a standard user account up to SYSTEM, the highest privilege level on a Windows host. According to the researcher, the exploit works on all supported versions of Windows, including fully patched Windows 11 and Windows Server 2022 installations. Before posting the exploit on GitHub, Naceri first disclosed it to Microsoft and worked with the company to review the vulnerability.

Microsoft released a fix for CVE-2021-41379 in the November 2021 Patch Tuesday update, but apparently failed to remediate the issue entirely. Naceri then used his GitHub post to publish a proof-of-concept exploit for the vulnerability that works even after Microsoft's patch has been applied.

For the more technically minded: Naceri's exploit leverages the discretionary access control list (DACL) of the Microsoft Edge Elevation Service. This allows an attacker to replace any executable file on the system with an MSI file and run code as an administrator. BleepingComputer has tested Naceri's exploit and was able to open a command prompt with SYSTEM permissions from a standard (non-administrator) user account.
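The paragraph above describes the general pattern behind this class of bug: a service binary (or its directory) whose DACL lets a low-privileged user swap the file. The script below is an added example written for this article; it is not Naceri's proof of concept, nor code from BleepingComputer or Microsoft. It audits every registered Windows service binary and its parent directory for Allow entries that grant write, delete or re-ACL rights to broad principals. It assumes it runs in an elevated PowerShell session on Windows (so every ACL is readable) and relies only on the well-known SIDs for Everyone, Authenticated Users, BUILTIN\Users and INTERACTIVE.

```powershell
# Added example (not from the article or the researcher's PoC): audit Windows service
# binaries and their parent directories for DACL entries that let a standard user
# replace or re-ACL the file. Run from an elevated PowerShell session.

# Well-known SIDs that every standard user is a member of (assumption: default Windows SIDs).
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Rights that allow swapping the file or rewriting its DACL. Write, Modify and FullControl
# all contain WriteData, so a bitwise test against this mask catches those too.
$DangerousRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Expand %SystemRoot% and friends, then extract the executable from the ImagePath.
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    # Quoted path: take what is inside the quotes. Unquoted: take up to the first space
    # (an unquoted path containing spaces is a separate weakness, not handled here).
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Test-WeakDacl {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Ask for rules keyed by SID so group names never need translating.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($BroadSids -notcontains $rule.IdentityReference.Value) { continue }
        if (($rule.FileSystemRights -band $DangerousRights) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $bin = Get-ServiceBinaryPath $svc.PathName
    if (-not $bin -or -not (Test-Path -LiteralPath $bin)) { continue }
    # Check the binary itself and the directory that contains it: delete-plus-create
    # in the directory is as good as write access to the file.
    foreach ($target in @($bin, (Split-Path -Parent $bin))) {
        try {
            Test-WeakDacl $target | ForEach-Object {
                $_ | Add-Member -NotePropertyName Service -NotePropertyValue $svc.Name -PassThru
            }
        } catch {
            Write-Warning "Cannot read ACL on ${target}: $_"
        }
    }
}

$findings | Sort-Object Service, Path -Unique |
    Format-Table Service, Principal, Rights, Inherited, Path -AutoSize
```

Two caveats a practitioner should keep in mind. First, inherited entries that carry generic rights (GENERIC_ALL and similar) show up in PowerShell as raw integers rather than named FileSystemRights flags, and the bitmask above does not decode them, so treat any numeric Rights value as worth a manual look. Second, this is a point-in-time audit: it finds standing DACL weaknesses, not permissions that are only rewritten transiently while an installer is running, so it complements rather than replaces applying the vendor patch and monitoring for unexpected MSI activity.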


The researcher shared a Windows command-line screenshot of the privilege escalation. (Image credit: Abdelhamid Naceri)

Cybersecurity firm Cisco Talos has provided a statement about the exploit, reporting that it has already observed malware samples in the wild attempting to exploit the flaw. As Cisco Talos' Head of Outreach Nick Biasini told BleepingComputer, these exploitation attempts appear to be focused on testing and tweaking the exploits in preparation for larger-scale attacks.