A new Windows zero-day that affects Windows 10, Windows 11, and Windows Server allows anyone to gain administrative rights on the device. It affects all supported versions of Windows and lets attackers with limited access to a device easily elevate their privileges to spread through the network.
BleepingComputer has tested the exploit on Windows and was able to use it to open a command prompt with SYSTEM privileges from an account that has only “Standard” privileges. The vulnerability is a bypass of the fix Microsoft released in response to CVE-2021-41379, and it was discovered by security researcher Abdelhamid Naceri. That fix was applied in this month's Patch Tuesday release. Naceri released a proof of concept on GitHub that shows how to exploit the vulnerability, and BleepingComputer shows how Naceri's “installerFiliner” exploit is used to get SYSTEM privileges. It was tested on Windows 10 21H1 build 19043.1348.
“This variant was found during the patch analysis of CVE-2021-41379. The bug was not correctly fixed, instead of dropping the bypass,” explained Naceri on GitHub. “I have chosen to really drop this variant because it is stronger than the original.” When asked by BleepingComputer why he disclosed the zero-day vulnerability publicly, he said that he did it out of frustration with Microsoft's reduced payouts in its bug bounty program. “Microsoft bounties have been discarded since April 2020; I really wouldn't do that if MSFT didn't make a decision to lower the prize,” he said.
Naceri is not the first researcher to voice concern about Microsoft's reduced bug bounty payments. Lower payouts encourage hackers to keep vulnerabilities to themselves or, worse, sell them to others who can use them maliciously.
We hope that Microsoft will patch this vulnerability in a future Patch Tuesday update. Naceri said that the best solution is to wait for Microsoft to release security patches for the various affected versions of Windows.