Tech

Easy Zero-day Privilege Escalation Exploit for Windows Released Because of Miserable Microsoft

A security researcher has released a very simple privilege escalation exploit for all supported versions of Windows because Microsoft has cut the bounty for bug bounties.

Abdelhamid Naceri said to Computer Bleeping that he was disappointed that Microsoft reduced the payouts in their bug bounty program.

Naceri explains: “Microsoft bounties have been trashed since April 2020, I really wouldn’t have done that if MSFT hadn’t made the decision to downgrade those bounties.

Other researchers agree, saying:

Naceri’s exploit easily elevates regular users to System privileges, as can be seen in BleepingComputer’s video below:

The hack was developed on top of a Microsoft patch for an earlier exploit that Naceri said was incomplete.

“This variant was discovered during patch analysis CVE-2021-41379. However, the error was not correctly fixed, instead of bypassing the detour,” Naceri explained in her post. “I chose to actually drop this variant because it was stronger than the original.”

The ‘InstallerFileTakeOver’ exploit works on Windows 10, Windows 11 and Windows Server and can be linked with other exploits to take over entire computer networks.

Microsoft has yet to respond to the release.



https://mspoweruser.com/easy-zero-day-privileges-escalation-exploit-for-windows-released-because-microsoft-is-stingy/ Easy Zero-day Privilege Escalation Exploit for Windows Released Because of Miserable Microsoft

Hung

Inter Reviewed is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@interreviewed.com. The content will be deleted within 24 hours.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + twelve =

Back to top button