News by Xiaomi Miui Hellas
Home » All the news » Apps / Roms » Useful applications » Microsoft Windows: New Zero-Day vulnerability leaves all versions of Windows vulnerable
Useful applications

Microsoft Windows: New Zero-Day vulnerability leaves all versions of Windows vulnerable

microsoft-logo

A new zero-day vulnerability in Windows affects all versions of Windows, including the Windows 11 and Windows Server 2022.


Σaccording to what is published today in gr.pcmag.com, The Jason Schultz, the Technical Leader at Talos Security Intelligence & Research Group, shared details about the vulnerability, which comes from a previous error of Windows Installer which Microsoft believed it had fixed earlier this month (CVE-2021-41379).

The initial vulnerability allowed a user with a limited privilege account to scale up their privileges and delete specific files on a system. However, this new vulnerability seems to be more serious.



The security researcher Abdelhamid Naceri, which Microsoft acknowledged its help in its notes patch CVE-2021-41379, analyzed the code and found that "the error was not corrected correctly".

Abdelhamid posted details on GitHub and explained how this variant is more powerful than the original because it completely bypasses the group policy included in the Windows installation manager. The result is that an attacker can overwrite any executable file on the system with an MSI file and can execute code as an administrator.

There is currently no update to fix this vulnerability and malware samples have been discovered in general. Therefore, it is a known vulnerability and if it is not used already, it will be done very soon.

Ο Abdelhamid believes that the only thing users can do is wait for Microsoft to release another security patch due to the complexity of the vulnerability and "any attempt to repair the binary directly will break the Windows installer».

As always, Windows users should run a security suite and keep all their software applications up to date as a precaution against any malicious activity.

Hopefully the coverage you get this zero-days exploit will encourage her Microsoft to quickly create and release one security patch.


Mi TeamDo not forget to follow it Xiaomi-miui.gr on Google News to be informed immediately about all our new articles! You can also if you use RSS reader, add our page to your list by simply following this link >> https://news.xiaomi-miui.gr/feed/gn

 

Follow us on Telegram so that you are the first to learn our every news!

 

Read also

Leave a comment

* By using this form you agree to the storage and distribution of your messages on our page.

This site uses Akismet to reduce spam comments. Find out how your feedback data is processed.

Leave a Review

Xiaomi Miui Hellas
The official community of Xiaomi and MIUI in Greece.
Read also
This is the list of changes brought to us by the new 21.11.24 / 25 Version of…