Hackers Target New Windows Installer Flaw


The flaw can allow attackers to have admin rights. 

Microsoft Windows Installer Exploit 

Bad actors have already created malware that could exploit the privilege-elevation vulnerability found in Microsoft Windows Installer. The company has released a patch with an important rating and a severity score of 5.5 out of 10.

At the time the flaw was discovered, it wasn’t actively exploited. But it is now. The bug could still be exploited even if the system has the November patch. It means that bad actors can still gain admin-level privileges. 

Microsoft assessed the flaw and stated that bad actors could only delete targeted files on a computer. It also contradicted reports that the flaw could be used to gain privileges to modify file contents.

However, Cisco Talos stated that the vulnerability enables attackers with a limited user account to elevate their privileges and become admin. 

“However, the patch released by Microsoft was not sufficient to remediate the vulnerability, and Naceri published proof-of-concept exploit code on GitHub on Nov. 22 that works despite the fixes implemented by Microsoft. The code Naceri released leverages the discretionary access control list (DACL) for Microsoft Edge Elevation Service to replace any executable file on the system with an MSI file, allowing an attacker to run code as an administrator.”

The exploit code will drive more abuse of the vulnerability. Experts said that the only workaround for the bug is for Microsoft to release another patch. Because of the complexity of the flaw, patching the binary directly will only break the Installer. 

Microsoft hasn’t stated whether or not it will issue another patch for the functional proof-of-concept code. 

The company is facing more Windows security problems. Microsoft had to roll out a fix for a bug that stopped Kaspersky antivirus apps from opening after updates had been installed through the Microsoft Installer.

Unlike the above-mentioned flaw, this issue affected computers running Windows 10 and 11. After users installed a Windows update, Kaspersky Endpoint Security for Windows was still functional and the security feature remained intact. However, errors arose when they upgraded the app or changed the scope of the app components.

Why Do Windows Computers Experience a Lot of Malware Attacks? 

Windows computers are vulnerable to malware attacks. Even though malware is everywhere, Windows is particularly prone to attacks. After all, it’s still the most popular operating system in the world.

This report stated that 114 million malicious programs were developed in 2019. And 78% of the attacks targeted Windows systems. The number is expected to rise in the coming years. 

Windows is a common target because it’s the most common OS in the world. But that’s not all. It’s also prone to security issues because it has over 600 security gaps. The OS has backdoors that could easily encourage attacks. Furthermore, users are at risk because of the security flaws in the apps that they are using. 

Other platforms are also affected, but they are not as prone as Windows computers. Other systems accounted for only 2% of malware attacks. At the start of 2020, the number dropped to 1.91%.


Author: Jane Danes

Jane has a lifelong passion for writing. As a blogger, she loves writing breaking technology news and top headlines about gadgets, content marketing and online entrepreneurship and all things about social media. She also has a slight addiction to pizza and coffee.
