24/11/2021

Windows Installer Elevation of Privilege Vulnerability (CVE-2021-41379) 

Summary 

On 22/11, security researcher Abdelhamid Naceri publicly disclosed a new zero-day vulnerability for “Windows Installer Elevation of Privilege”, which Microsoft had attempted to patch in November 2021, under CVE-2021-41379.

The patch released by Microsoft in early November has inadvertently harboured a new, more powerful zero-day privilege elevation vulnerability.

Proof of concept for this new exploit has been published on GitHub, which explains that it works on all supported versions of Windows, including Windows 10, 11 and Server 2022.

The researcher explains this “more powerful” variant was identified when testing Microsoft’s patch for the original vulnerability and has decided to publicly disclose this in protest of Microsoft’s reduced payments to Bug Bounty Program researchers.

Vulnerable versions: 

  • All supported versions of Windows, including Windows 10, 11 and Server 2022.

Recommendation(s): 

Currently, there are no published workarounds or mitigations for this new exploit. Our security partners are aware of this and will continue to monitor for any further updates.

Full Details and References

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners