A new Windows zero-day vulnerability has been discovered that allows attackers to exploit the Microsoft operating system and gain administrator privileges on a device almost instantly. The vulnerability affects Windows 10, Windows 11, and Windows Server.
The flaw allows attackers with limited access to elevate their privileges and spread across the system, where they can cause further damage. A test by BleepingComputer showed that the exploit can acquire SYSTEM privileges from an account that had only standard privileges.
The new vulnerability, discovered by Twitter user Abdelhamid Naceri, is a bypass of a patch that Microsoft had rolled out in response to CVE-2021-41379. After the patch was released, Naceri showed how the vulnerability can be exploited via ‘InstallerFileTakeOver’, a proof-of-concept tool on GitHub.
When tested on Windows 10 21H1 build 19043.1348, the tool reportedly took just a few seconds to gain SYSTEM privileges. Microsoft is expected to release a security patch soon to fix the vulnerability in the affected versions of Windows.
Why the vulnerability was disclosed publicly
Naceri reportedly disclosed the zero-day vulnerability publicly “out of frustration over Microsoft’s reducing payouts in its bug bounty program”, adding that “Microsoft bounties has been trashed since April 2020, I really wouldn’t do that if MSFT didn’t take the decision to downgrade those bounties.”
“This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass,” he explained on GitHub.
This is not the first time developers and security researchers have complained about reduced payouts in bug bounty programs.
Under Microsoft’s new bug bounty program one of my zerodays has gone from being worth $10,000 to $1,000 💀
— MalwareTech (@MalwareTechBlog) July 27, 2020
With decreasing monetary incentives, users who encounter or discover vulnerabilities are less motivated to alert companies like Microsoft, instead choosing to keep vulnerabilities to themselves or, worse, sell them to malicious attackers.