Windows 10, Windows 11 at risk from new zero-day vulnerability: everything you need to know

A new zero-day vulnerability has been discovered in Windows that could allow attackers to exploit the Microsoft operating system and gain administrator rights on a device almost immediately. The vulnerability affects Windows 10, Windows 11, and Windows Server.

The flaw allows attackers with limited access to elevate their privileges and spread across the system, opening the way to further damage. A test by BleepingComputer shows that the exploit can obtain SYSTEM privileges from an account that has only standard privileges.

The new vulnerability, discovered by Twitter user Abdelhamid Naceri, was identified as a bypass of the patch that Microsoft previously rolled out in response to CVE-2021-41379. After the patch was released, Naceri showed how the vulnerability can be exploited with ‘InstallerFileTakeOver’, a proof-of-concept tool published on GitHub.

In testing on Windows 10 21H1 Build 19043.1348, the proof-of-concept reportedly took only a few seconds to obtain SYSTEM privileges. Microsoft is expected to release a security patch shortly to fix the vulnerability for the affected Windows versions.

Why the vulnerability became public

Naceri reportedly disclosed the zero-day vulnerability publicly “out of frustration with Microsoft’s reduced payouts in its bug bounty program,” adding that “Microsoft bounties have been destroyed since April 2020, I really wouldn’t do this if MSFT didn’t make the decision to downgrade these premiums.”

“This variant was discovered while analyzing the CVE-2021-41379 patch. However, the bug was not properly fixed instead of discarding the bypass,” he explained on GitHub.

This isn’t the first time developers and security researchers have complained about reduced payouts from bug bounty programs.

As monetary incentives decline, users who encounter or discover vulnerabilities are less motivated to warn companies like Microsoft and instead choose to keep the vulnerabilities to themselves or, worse, sell them to malicious attackers.