Hackers exploited InstallerFileTakeOver Windows zero-day

Yesterday we reported that a security researcher has released a very simple privilege escalation exploit for all supported versions of Windows.

Naceri’s exploit easily elevates regular users to System privileges, as demonstrated in a BleepingComputer video.

The ‘InstallerFileTakeOver’ exploit works on Windows 10, Windows 11 and Windows Server and can be chained with other exploits to take over entire computer networks.

In a statement, Microsoft downplayed the risk, saying:

“We are aware of disclosures and will do what is necessary to keep our customers safe and protected. An attacker using the methods described must have access and the ability to run code on the target victim’s machine.”

Now BleepingComputer reports that hackers have already begun exploiting it.

“Talos has discovered malware samples in the wild trying to take advantage of this vulnerability,” said Jaeson Schultz, Technical Lead of Cisco’s Talos Security Intelligence & Research Group.

The hackers still seem to be in the development phase of their malware.

“During our investigation, we reviewed recent malware samples and were able to identify several that attempted to take advantage of the exploit,” said Nick Biasini, Head of Access at Cisco Talos. “Because of the low volume, these could be people working on proof of concept code or testing for future campaigns. This is just more evidence of how quickly an adversary can weaponize an overt mining method.”

Naceri, who released the proof of concept code for the zero-day, told BleepingComputer that he did this because of Microsoft’s reduced payouts in its bug bounty program.

Naceri explains: “Microsoft bounties have been trashed since April 2020, I really wouldn’t have done that if MSFT hadn’t made the decision to downgrade those bounties.”

With the line between security researchers and malware authors so thin, Microsoft may want to reevaluate their bug bounty strategy going forward.

via BleepingComputer

https://mspoweruser.com/hackers-already-exploiting-installerfiletakeover-windows-zero-day/

