Naceri’s exploit easily elevates regular users to SYSTEM privileges, as demonstrated in a video published by BleepingComputer.
The ‘InstallerFileTakeOver’ exploit works on Windows 10, Windows 11 and Windows Server and can be linked with other exploits to take over entire computer networks.
In a statement, Microsoft downplayed the risk, saying:
“We are aware of disclosures and will do what is necessary to keep our customers safe and protected. An attacker using the methods described must have access and the ability to run code on the target victim’s machine.”
Now BleepingComputer reports that attackers have begun to exploit the vulnerability.
“Talos has discovered malware samples in the wild trying to take advantage of this vulnerability,” said Jaeson Schultz, Technical Lead of Cisco’s Talos Security Intelligence & Research Group.
The hackers seem to be still in the development phase of their malware.
“During our investigation, we reviewed recent malware samples and were able to identify several that attempted to take advantage of the exploit,” said Nick Biasini, Head of Outreach at Cisco Talos. “Because of the low volume, these could be people working on proof of concept code or testing for future campaigns. This is just more evidence of how quickly an adversary can weaponize a publicly disclosed exploit.”
Naceri, who released the proof of concept code for the zero-day, told BleepingComputer that he did this because of Microsoft’s reduced payouts in their bug bounty program.
Naceri explains: “Microsoft bounties have been trashed since April 2020, I really wouldn’t have done that if MSFT hadn’t made the decision to downgrade those bounties.”
With the line between security researchers and malware authors so thin, Microsoft may want to reevaluate their bug bounty strategy going forward.
https://mspoweruser.com/hackers-already-exploiting-installerfiletakeover-windows-zero-day/ Hackers exploited InstallerFileTakeOver Windows zero-day