They detect a new vulnerability that can seriously endanger Windows users. This is a flaw that would allow an attacker to gain administrator permissions and take control of the computer. A security researcher has published an exploit that can be used to exploit that breach. It affects the latest versions of the operating system. It is also a variant of a vulnerability that has already been patched.
A vulnerability allows gaining administrator permissions
Security researcher Abdelhamid Naceri has been in charge of discovering this security flaw that affects Windows and launching a public exploit to demonstrate how it works. That exploit is available to everyone on GitHub . The problem is, as of this writing, the vulnerability has not yet received patches.
This same security researcher was the one who discovered the vulnerability CVE-2021-41379 , which was fixed in the November patches. It also allowed an attacker to gain administrator permissions. This bug is a variant and allows similar actions as well.
It indicates that this vulnerability may work in the most recent versions of Microsoft‘s operating system, although it might not work in Windows Server 2016 and 2019. It ensures that its proof of concept is quite reliable and works every time. What it does is overwrite the Microsoft Edge DACL service and it copies itself to the service location to gain elevated privileges.
We are facing a fact that does not usually occur, and that is that Naceri has published this exploit before reporting the vulnerability to Microsoft. As indicated in Bleeping Computer, it has done so in reaction to the bug bounties offered by the software giant.
Update as soon as there are patches
At the moment, as we have indicated, there is no patch available to correct this vulnerability. Yes there are for other similar failures. This is why users should wait for a fix to be available and update as soon as possible to fix this issue.
However, from this article we always recommend having the latest versions in our operating systems. It does not matter if we are home users or we are managing a network of business computers. We must always install all the patches and correct any problems that may arise.
This security researcher indicates that running standard user accounts , rather than accounts with administrative privileges, is considered a good security practice, as doing so can limit what vulnerabilities and successful attacks can do to a system.
In this case we have seen a vulnerability that affects Windows, but there may be similar flaws in other operating systems such as Android, for example. But we must always update the operating system to the latest version, but also any program that we have installed. In all these cases there could be vulnerabilities that could be exploited by an attacker.
We have seen on other occasions how to update the network card, something also essential so that connections are always secure and that intruders do not easily enter. We must update both at the software level as well as the connected devices.
