A new vulnerability has been discovered in Windows 10, Windows 11 and Windows Server 2022, writes DTF. It allows an attacker to elevate local privileges and gain access to the operating system with administrator rights. Exploit code has also been published on GitHub and is already being used by cybercriminals to gain control over devices.
This is a zero-day vulnerability in the Windows Installer subsystem. It bypasses both the configured group policies and the November patch, in which Microsoft had already addressed a similar issue.
The new, more powerful vulnerability, which bypasses the patch, was identified by security researcher Abdelhamid Naceri. He also posted a working exploit on GitHub that affects all current versions of Windows. Naceri explained his decision by saying that he was unhappy with the reduction in payments under Microsoft's bug bounty program.
The exploit was tested by BleepingComputer on Windows 10. It took them a few seconds to gain SYSTEM-level privileges from a test account with standard privileges.
NIX Solutions notes that cybercriminals have already begun to actively use the exploit. They use it to create malware. Microsoft is aware of what is happening and says that the company is doing everything necessary to protect users.