This dangerous Windows zero-day lets you instantly become an admin

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Cybersecurity researchers have publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server releases.

Exploiting this bug, threat actors with access to a limited Standard user account on a vulnerable Windows installation can elevate to SYSTEM user privileges, and then move laterally within the network.

Abdelhamid Naceri working with Trend Micro’s Zero Day Initiative had originally discovered the vulnerability, which Microsoft had fixed as part of the November 2021 Patch Tuesday. However, examination of Microsoft’s patch led Naceri to discover a bypass that led to the more powerful new privilege elevation vulnerability.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

Powerful PoC

Naceri has published a working proof-of-concept (PoC) exploit for the new zero-day, saying that it works on all supported versions of Windows.

“This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” wrote Naceri.

Naceri claims that his PoC is “extremely reliable,” and he’s tested it in multiple conditions and Windows variants and found that it works in every attempt. Furthermore, he explains that the PoC even works in Windows server installation as well, which by default doesn't allow standard users to perform MSI installer operations.

“The best workaround available at the time of writing this is to wait [for] Microsoft to release a security patch, due to the complexity of this vulnerability. Any attempt to patch the binary directly will break [the] windows installer,” suggests Naceri.

Protect your computers with the help of the best endpoint protection tools and use these best security keys to add another layer to safeguard your accounts

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.