A new Zero-Day security vulnerability for all versions of Windows OS with active malware samples ‘in the wild’ discovered: ‘InstallerFileTakeOver’ bug grants Admin rights

InstallerFileTakeOver Zero Day Security Vulnerability All Windows OS Versions
All versions of Windows OS are currently vulnerable to a new Zero-Day security exploit. Pic credit: Juan Carlos Cabrera/Flickr

All popular and currently supported versions of the Windows Operating System are vulnerable to a serious security vulnerability. The latest Zero-Day bug, dubbed “InstallerFileTakeOver” is a Local Privilege-Elevation vulnerability that grants control of fully patched Windows 10, 11, and Server systems.

Abdelhamid Naceri, the author who first discovered and named the Zero-Day security vulnerability has published the Proof-of-Concept (POC) code onto the Microsoft-owned GitHub. Preliminary testing confirms the bug can grant Administrator-level access to low-level accounts on any Windows OS version.

Microsoft poorly patched CVE-2021-41379, which resulted in InstallerFileTakeOver bug:

Security researcher Abdelhamid Naceri was analyzing a patch that Microsoft had released to address CVE-2021-41379, a security loophole with similar powers. Needless to mention, Microsoft has clearly failed to address the bug. This resulted in the InstallerFileTakeOver bug.

Naceri has indicated that the new variant is more powerful than the original. It completely bypasses the Group Policy included in the administrative install feature of Windows.

Using this exploit an attacker gains Administrator-level rights. Consequentially, attackers can replace any executable file on the system with an MSI file. Essentially, attackers can potentially gain complete control.

“While group policy by default doesn’t allow standard users to do any MSI operation. The administrative install feature thing seems to be completely bypassing group policy,” noted Naceri.

The latest Zero-Day security vulnerability in all versions of Windows OS remains unpatched, and is exploited in the wild:

It is concerning to note that there’s no patch for the security vulnerability. Moreover, researchers have discovered malware samples “in the wild”.

This clearly means that some threat actors are aware of the exploit and are creating software to take advantage of the same.

Microsoft has yet to fully patch the previous loophole that exposed Windows 10 and 11 to the Local Privilege-Escalation security threat.

Naceri has observed that Windows OS users can only wait for Microsoft to release another security patch because of the complexity of the vulnerability. This is because any workaround for the bug, “breaks windows installer.”

It is important to note that popular antivirus and anti-malware platforms can detect and stop the majority of such attacks. Hence it is critical to regularly update all security-related applications.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x