According to Cisco Talos, abusing the flaw would allow an attacker with limited access to get higher privileges and become an administrator.
A Windows Installer security vulnerability, tracked as CVE-2021-41379, was patched by Microsoft, but according to a report from Cisco Talos, hackers had already created malware to exploit this privilege escalation flaw, identified in the enterprise software deployment feature of the Windows Installer.
The vulnerability had a severity score of 5.5 out of 10. For your information, MS Windows Installer performs many important functions such as installing, updating, and uninstalling software.
About the MS Windows Installer Vulnerability
Security researcher Abdelhamid Naceri initially discovered the vulnerability. According to Naceri, the exploit was already available to let an attacker obtain higher-level access to specific system data. However, they won't obtain the privileges required to view or control its contents.
How it is Exploited
According to Cisco Talos, abusing the flaw would allow an attacker with limited access to get higher privileges and become an administrator. Every version of MS Windows is impacted by this flaw, including the fully patched Server 2022 and Windows 11. Researchers also detected malware samples in the wild exploiting this vulnerability.
Did the Patch Aggravate the Situation?
In his post on GitHub, Naceri insisted that patching the vulnerability intensified the issue, as he noted that the bug wasn't fixed correctly and a more powerful exploit was also available.
Windows installer LPE 0day https://t.co/eiXBWnuDuH
— Abdelhamid Naceri (@KLINIX5) November 22, 2021
Additionally, the researcher posted a PoC (proof-of-concept) on November 22, demonstrating how the exploitation occurs by overwriting the MS Edge elevation service's Discretionary Access Control List (DACL). It gets copied to the service location and executed to gain SYSTEM-level privileges.
"For your notes, this works in every supporting Windows installation, including Windows 11 & Server 2022 with the November 2021 patch. This variant was discovered during the analysis of the CVE-2021-41379 patch. The bug was not fixed correctly; however, instead of dropping the bypass, I have chosen to actually drop this variant as it is more powerful than the original one," Naceri wrote.
It is worth noting that Microsoft patched the vulnerability in collaboration with Naceri, and it was released on November 9.