Rewterz

Rewterz Threat Advisory – Multiple Microsoft Edge Vulnerabilities

November 23, 2021
Rewterz

Rewterz Threat Alert – Trickbot Malware – Active IOCs

November 23, 2021

Rewterz Threat Advisory – CVE-2021-41379 – New Windows Zero Day Exploited for Privilege Escalation

Severity

High

Analysis Summary

A security researcher has publicly disclosed an exploit for a new Windows zero day privilege escalation vulnerability which can lead to privilege escalation and give admin access to all supported versions of Windows 10, 11 and Windows Server 2022. 

This vulnerability was already patched in Microsoft’s patch Tuesday tracked as CVE-2021-41379. But according to security researcher “Naceri” who discovered a new variant while analyzing the previous vulnerability wrote in his blogpost that the bug was not fixed correctly and this variant is more powerful than the originally discovered variant. Naceri also explained, that while it is possible to configure group policies to prevent ‘Standard’ users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway.

CVE-2021-41379 

Microsoft Windows could allow a locally authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Impact

  • Privilege Escalation

Affected Vendors

Microsoft

Affected Products

  • All supported versions of Windows 10 11 and Windows Server 2022

Remediation

Microsoft is likely to patch the vulnerability in the upcoming Microsoft Patch Tuesday update.

Furthermore, users are advised to patch the previously exploited CVE-2021-41379 vulnerability from Microsoft updates.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41379

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.