New Windows zero-day with public exploit lets you become an admin

new-windows-zero-day-with-public-exploit-lets-you-become-an-admin

Did you know that camDown helps stop hackers from getting access to the webcam that I use for my work. Now I can get even more gigs as a freelancer and advertise that I have top security with my home computer?

Log in or sign up to leave a comment

level 1

Jokes on them, everybody already has local admin so the help desk doesn't have to be bothered with installing software during COVID (wish this was a /s)

level 2

Maybe your company should be using something like Threatlocker which provides application allow listing and elevation for allowed programs so they do not have to be admins.

level 1

checks calendar for patch tuesday

sweating intensifies

level 1

Happy Thanksgiving

-sincerely,

Microsoft

level 2

This isn’t the Thanksgiving exploit.

level 2

Turn your phone off now. Go camping.

level 1

Final note, while I was working on CVE-2021-41379 patch bypass. I was successfuly able to product 2 msi packages, each of them trigger a unique behaviour in windows installer service. One of them is the bypass of CVE-2021-41379 and this one. I decided to actually not drop the second until Microsoft patch this one. So Be ready !

I'm sure this is all the foreign parties need to start exploiting. Cheers.

level 1

Ffs… every time I try to take a few days off, boom, fucking shits on fire again…

level 2

Nothing you can do - walk away! Block all internet access to this post and bury your head.

level 1

This is the PoC the researcher posted: https://github.com/klinix5/InstallerFileTakeOver

Q1 - Can someone explain exactly how do i run this on my PC?

Q2 - was this a responsible disclosure? Won't Microsoft sue him for going public with this instead of reporting it privately to them?

level 2

This is just one example of the frustration ethical security researchers have. The amount of time and skill it requires to find a zero day like this is insane. Then to want to disclose to one of the wealthiest companies in the world for a “fair” payout takes a certain type of good person.

As there is a whole underworld markets that pay 10x as much for these same vulnerabilities.

When Microsoft does acts like this it’s not them who suffer. It’s us

level 2

  1. Run this

  2. Yes they can sue me, but they know it's a bad idea.

level 2

/u/halove23 is claiming to be the author. You might want to ask them.

level 1

I've always wanted to become an admin! Does it come with a free degree and job too?

/s lol thats neat though!

level 1

Woulda thought lowering your bug bounties would make your system less secure 🤷🏻‍♂️

Let's not forget that camDown helps make you invisible to hackers and guard your personal data and your neighbors would say the same.