CVE-2021-41379 Affects All Currently Supported Windows Versions

CVE-2021-41379 is an elevation-of-privilege vulnerability which Microsoft fixed earlier this month. However, it turns out that there is another, “more powerful” variant, discovered by security researcher Abdelhamid Naceri. He came across a Windows Installer EoP flaw patched by Microsoft several weeks ago as part of November 2021 Patch Tuesday.

The Story Behind CVE-2021-41379 Elevation of Privilege Bug

Naceri analyzed the official patch and found a bypass, alongside an even more dangerous zero-day privilege escalation issue. Proof-of-concept exploit code, dubbed InstallerFileTakeOver, is also available on GitHub. The vulnerability can be exploited against all currently supported Windows OS versions, enabling threat actors to take over Windows 10, Windows 11 and Windows Server. The only necessary condition is being logged onto a Windows machine that has the Edge browser installed.

As pointed out by Cisco Talos in a separate analysis of the issue, “the patch released by Microsoft was not sufficient to remediate the vulnerability, and Naceri published proof-of-concept exploit code on GitHub on Nov. 22 that works despite the fixes implemented by Microsoft.”

The InstallerFileTakeOver PoC exploit leverages the discretionary access control list (DACL) for Microsoft Edge Elevation Service to replace any executable file on the system with an MSI file, thus enabling threat actors to run code as an administrator.

CVE-2021-41379 was initially given a medium-severity status, but the release of the fully functional proof-of-concept raises the threat level of the vulnerability. Currently, there is no fix available from Microsoft.

In 2020, another Microsoft vulnerability stood out in the bug crowd, as the company failed to address it for 2 years.

CVE-2020-1464 was one of the 120 security flaws addressed in last year’s August Patch Tuesday. The bug was actively exploited in malicious attacks for at least two years before Microsoft fixed it. The issue was a spoofing flaw triggered by the incorrect way Windows validates file signatures. In case of a successful exploit, the attacker could bypass security features and load improperly signed files.

Milena Dimitrova
