You can instantly become an admin with a new exploit on Windows zero-day

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • Researchers have revealed a new exploit on Windows zero-day that grants admin privileges in WIndows 10, 11 and Windows Server releases.
  • Once the vulnerability has been exploited, the threat actors gain SYSTEM rights, they will be able to further move around the network.
  • The flaw was first discovered in the October 2021 Patch Tuesday.

Cybersecurity has come a long way and researchers have now discovered a new exploit that is a Windows vulnerability.

The new exploit takes advantage of local privileges and grants administrators access to Windows 10, Windows 11 and Windows Server versions.

Once access is granted to a Standard user account,it has the potential of elevating to SYSTEM user privileges and making further movements within the network.

The vulnerability was apparently discovered in the October 2021 Patch Tuesday and fixed in the November 2021 Patch Tuesday. There was a bypass that discovered a more powerful privilege vulnerability and took advantage of the situation.

Proof of Concept

Trend Micros’s Abdelhamid Naceri published a working proof-of-concept (PoC) exploit for the new zero-day and says it functions on all supported versions of Windows.

“This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one” 

According to Naceri, the PoC is “extremely reliable.” He has put it under test in varied conditions and different Windows variants which were successful on each attempt.

He further explains that the PoC even works in Windows server installation. This is rare because it does not allow standard users to perform MSI installer operations.

“The best workaround available at the time of writing this is to wait [for] Microsoft to release a security patch, due to the complexity of this vulnerability. Any attempt to patch the binary directly will break [the] windows installer” 

What do you make of this new exploit? Share your thoughts in the comment section.