Exploit released for Microsoft Exchange RCE bug, patch now
US govt warns of increased ransomware risks during holidays
New Windows zero-day with public exploit lets you become an admin
Biometric auth bypassed using fingerprint photo, printer, and glue
Windows 11 KB5007262 Cumulative Update Preview Released
New Windows zero-day with public exploit lets you become an admin
Exploit released for Microsoft Exchange RCE bug, patch now
UK govt warns thousands of SMBs their online stores were hacked
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
Windows vulnerability
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.
BleepingComputer has tested the exploit and used it to open to command prompt with SYSTEM privileges from an account with only low-level ‘Standard’ privileges.
Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network.
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.
As part of the November 2021 Patch Tuesday, Microsoft fixed a ‘Windows Installer Elevation of Privilege Vulnerability’ vulnerability tracked as CVE-2021-41379.
This vulnerability was discovered by security researcher Abdelhamid Naceri, who found a bypass to the patch and a more powerful new zero-day privilege elevation vulnerability after examining Microsoft’s fix.
Yesterday, Naceri published a working proof-of-concept exploit for the new zero-day on GitHub, explaining that it works on all supported versions of Windows.
“This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass,” explains Naceri in his writeup. “I have chosen to actually drop this variant as it is more powerful than the original one.”
Furthermore, Naceri explained that while it is possible to configure group policies to prevent ‘Standard’ users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway.
BleepingComputer tested Naceri’s ‘InstallerFileTakeOver’ exploit, and it only took a few seconds to gain SYSTEM privileges from a test account with ‘Standard’ privileges, as demonstrated in the video below.
The test was performed on a fully up-to-date Windows 10 21H1 build 19043.1348 install.
When BleepingComputer asked Naceri why he publicly disclosed the zero-day vulnerability, we were told he did it out of frustration over Microsoft’s decreasing payouts in their bug bounty program.
“Microsoft bounties has been trashed since April 2020, I really wouldn’t do that if MSFT didn’t take the decision to downgrade those bounties,” explained Naceri.
Naceri is not alone in his concerns about what researchers feel is the reduction in bug bounty awards.
Under Microsoft’s new bug bounty program one of my zerodays has gone from being worth $10,000 to $1,000 
BE CAREFUL! Microsoft will reduce your bounty at any time! This is a Hyper-V RCE vulnerability be able to trigger from a Guest Machine, but it is just eligible for a $5000.00 bounty award under the Windows Insider Preview Bounty Program. Unfair! @msftsecresponse
@msftsecurity pic.twitter.com/sJw3cjsliF
BleepingComputer has reached out to Microsoft about the disclosed zero-day and will update the article if we receive a reply.
As is typical with zero days, Microsoft will likely fix the vulnerability in a future Patch Tuesday update.
However, Naceri warned that it is not advised to try and fix the vulnerability by attempting to patch the binary as it will likely break the installer.
“The best workaround available at the time of writing this is to wait Microsoft to release a security patch, due to the complexity of this vulnerability,” explained Naceri.
“Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again.”
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws
Microsoft: Windows Installer breaks apps after updates, repairs
Microsoft increases Windows 11 rollout pace to Windows 10 devices
How to fix the Windows 0x0000007c network printing error
I fail to understand why anyone would seek a bug bounty from Microsoft in the first place

They simply maintain Monopoly Control from your hard work so they don’t have to work

Stop paying for your own enslavement!

A bug bounty is where a company (such as Microsoft) pays you for reporting a vulnerability. If you don’t want to do it, then that’s OK, because there are plenty of people who enjoy earning tons of money from companies for helping them discover their security issues.
The complaints in the story indicate they are NOT making tons of money?

Didn’t you read that far?

I guess ethics don’t mean much to Naceri.
Very True!

You have to guess that ethics don’t mean much to Naceri.

With Microsoft, there is no need to guess
This Exploit was unknown, Until You post it @BleepingComputer
Closing your eyes will not mean that the Exploint does not exist.
In some ways, I think it is good that the information about Exploits is shown to the “public”. This forces the responsible companies to act.
best regards
// MisterVVV
Not a member yet? Register Now
How to download a Windows 10 21H2 ISO from Microsoft
GoDaddy hack causes data breach affecting 1.2 million customers
To receive periodic updates and news from BleepingComputer, please use the form below.
Malwarebytes for Mac
Malwarebytes Anti-Malware
Farbar Recovery Scan Tool
Windows Repair (All In One)
Sophos Home
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source