In brief: Computer security group Cisco Talos has found a new vulnerability that affects every Windows version to date, including Windows 11 and Server 2022. The vulnerability exists in the Windows Installer and allows hackers to elevate their privileges to become an administrator.
The discovery of this vulnerability led the Cisco Talos group to update its Snort rules, which consists of rules to detect attacks targeting a list of vulnerabilities. The updated list of rules includes the zero-day elevation of privilege vulnerability, as well as new and modified rules for emerging threats from browsers, operating systems and network protocols, among others.
Exploiting this vulnerability allows hackers with limited user access to elevate their privileges, acting as an administrator of the system. The security firm has already found malware samples out on the Internet, so there’s a good chance someone already fell victim to it.
The vulnerability had been previously reported to Microsoft by Abdelhamid Naceri, a security researcher at Microsoft, and was supposedly patched with the fix CVE-2021-41379 on November 9. However, the patch didn’t seem to be enough to fix the issue, as the problem persists, leading Naceri to publish the proof-of-concept on GitHub.