
Attackers are actively trying to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully patched systems, once again demonstrating how quickly adversaries move to weaponize a publicly available exploit.

Cisco Talos disclosed that it “detected malware samples in the wild that are attempting to take advantage of this vulnerability.”

Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021.

However, in a case of an insufficient patch, Naceri found that it was possible not only to bypass the fix implemented by Microsoft but also to achieve local privilege escalation via a newly discovered zero-day bug.
