The Cisco Talos security group has discovered a new vulnerability that affects all versions of Windows to date, including Windows 11 and Server 2022. The vulnerability is in the Windows Installer and allows hackers to elevate their privileges to administrator.
The discovery of this vulnerability prompted the Cisco Talos team to update its Snort rules, which detect attacks that target a list of vulnerabilities. The updated rules include coverage for the zero-day elevation-of-privilege vulnerability, as well as new and revised rules for threats involving browsers, operating systems, and network protocols, among others.
By exploiting this vulnerability, a hacker with limited user access can elevate their privileges to system administrator. The security company has already found malware samples in the wild, so it is very likely that someone has already fallen victim to it.
Security researcher Abdelhamid Naceri previously reported this vulnerability to Microsoft, and it was apparently patched on November 9 under the identifier CVE-2021-41379. However, the patch did not seem to be enough, as the problem persisted, prompting Naceri to post a proof of concept on GitHub.
Proof of Concept in Action
Simply put, the proof of concept shows how a hacker can replace any executable file on a system with an MSI file by using the discretionary access control list (DACL) of the Microsoft Edge Elevation Service.
Microsoft has classified this vulnerability as Medium severity, with a Common Vulnerability Scoring System (CVSS) base score of 5.5 and a temporal score of 4.8. Now that working proof-of-concept exploit code is available, others can take it further and abuse the vulnerability more widely. At the moment, Microsoft has not released any new updates to mitigate the vulnerability.
It seems that Naceri also tried to fix the issue, but it did not work. Until Microsoft fixes this vulnerability, the Cisco Talos group recommends that people using Cisco Secure Firewall update their rule set with Snort rules 58635 and 58636 to protect users from abuse.
The new Zero Day Windows Installer vulnerability affects all versions of Microsoft Windows