Terrifying new Windows 10 and 11 bug still a risk to users despite latest Microsoft update

Windows 10 and Windows 11 users are still at risk from a bug that Microsoft has already tried to patch, because the patch did not resolve the issue. The dangerous vulnerability affects all versions of Windows and, if exploited, allows threat actors to escalate privileges and run code with admin rights. Microsoft pushed out a security patch last month that was meant to stop the Windows 10 and 11 vulnerability in its tracks.

Instead, however, the bug is now “more powerful” than ever before.

That’s according to Abdelhamid Naceri, the researcher who discovered the Windows 10 and Windows 11 flaw in the first place.

This was explained in a GitHub post, where Naceri revealed a proof-of-concept exploit for the InstallerFileTakeOver vulnerability, following a November 2021 patch that was meant to fix it.

Naceri wrote: “This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one.”

Security platform 0patch has released a stop-gap fix for this bug. But Naceri said the best thing to do is to wait till Microsoft releases an official patch that addresses the vulnerability.

The researcher wrote: “The best workaround available at the time of writing this, is to wait for Microsoft to release a security patch. Due to the complexity of this vulnerability, any attempt to patch the binary directly will break Windows Installer. So you’d better wait and see how/if Microsoft will screw the patch up again.”

Hopefully it won’t take too much longer for an official fix to be released, with Microsoft saying they are aware of the problem and are working on a new update.

Speaking to Bleeping Computer, a Microsoft spokesperson said: “We are aware of the disclosure and will do what is necessary to keep our customers safe and protected.

“An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.”

Elsewhere, Cisco Talos has said that they’ve seen examples of this vulnerability being exploited in the wild.

Nick Biasini, the firm’s head of outreach, said: “During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit.

“Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponise a publicly available exploit.”
