Security shock for millions of Windows users!

Security shock for millions of Windows users!

There is a leak in Windows, which creates a security shock for the users of the operating system.

Windows 10 and 11 have had some security issues before. But just when you thought it was safe with the operating system, a problem crops up. According to a Bleeping Computer report, a failed November Patch Tuesday patch would cause a leak. This could put millions of users of Windows 10, Windows 11 and Windows Server at risk of being taken over.

Security Shock Windows Users

The latest security fix rollout is only a few weeks old. This was part of the monthly Patch Tuesday rollout. This included a CVE-2021-41379. This Windows Installer elevation of privilege vulnerability could have given anyone with local access to your Windows computer the means to tamper with files. Which, of course, they shouldn’t have access to. However, in the update guide at the time, Microsoft stated that an attacker could delete “only targeted files” on the system. This instead of being given the privileges necessary to view or otherwise modify the content.

Microsoft quickly found out and thought they had solved it. But alas, they were wrong. In fact, it has gotten worse.

Vulnerability

The researcher who discovered the original vulnerability, Abdelhamid Naceri, has now published a proof of concept (PoC) targeting the Microsoft fix. The new fix works in all versions of Windows, well, at least the supported ones: Windows 10, Windows 11 and Windows Server. This shows that there are still ‘entries’. And let’s face it, anything that can increase user-to-admin privileges should be taken seriously. However, the impact is somewhat mitigated by the fact that it requires local user access to the device. What’s even more serious is that this is yet another example of Microsoft failing to properly fix a security issue.

Microsoft has not yet responded, but will work on a solution (again).