Bleeping Computer reported that cybersecurity researcher has published an exploit for a new zero-day vulnerability that can be used to escalate local privileges in all supported versions of Windows, including Windows 10, Windows 11 and Windows Server 2022.
The journalists write that they have already tried the exploit in action and were able to open the command line with SYSTEM privileges using an account with Standard privileges.
And posted a video demonstration:
This month, as part of Patch Tuesday, Microsoft patched the Windows Installer privilege escalation vulnerability CVE-2021-41379. This problem was discovered by cybersecurity researcher Abdelhamid Naceri, who has now reported that the patch can be bypassed, and the vulnerability then transforms into a more serious problem.
Naseri has already posted a PoC exploit for the new 0-day issue on GitHub, highlighting that the bug is dangerous for all supported OS versions. Naseri explains that while it is possible to configure Group Policy to prevent Standard users from performing MSI installer operations, a new vulnerability can bypass this policy.
When reporters asked Naseri why he publicly disclosed information about a serious 0-day vulnerability, he replied that he was disappointed with the decrease in the size of rewards in Microsoft’s bug bounty program.
Let me remind you that recently we also wrote about another vulnerability in Windows 10 that could allow gaining administrator privileges.