Attackers exploiting Windows Installer vulnerability despite patching

According to Cisco Talos, abusing the flaw would allow an attacker with limited access to get higher privileges and become an administrator.

Microsoft patched a Windows Installer security vulnerability tracked as CVE-2021-41379, but according to a report from Cisco Talos, attackers had already created malware to exploit this privilege escalation flaw, which was identified in the enterprise application deployment of the Windows Installer.

The vulnerability had a severity score of 5.5 out of 10. MS Windows Installer performs several crucial functions, such as installing, updating, and uninstalling software.

About MS Windows Installer Vulnerability

Security researcher Abdelhamid Naceri originally discovered the vulnerability. According to Naceri, an exploit already existed that lets an attacker obtain higher-level access to specific system files. However, the attacker won't obtain the privileges required to view or modify their contents.

How it is Exploited

According to Cisco Talos, abusing the flaw would allow an attacker with limited access to get higher privileges and become an administrator. Every version of MS Windows is impacted by this flaw, including the fully patched Server 2022 and Windows 11. Researchers also detected malware samples in the wild that exploit this vulnerability.

Did Patch Worsen the Situation?

In his post on GitHub, Naceri

Read More: https://www.hackread.com/attackers-exploite-windows-installer-vulnerability-patch/