Windows 10 and Windows 11 are victims of a new security breach. According to a computer researcher, the hack introduced by the latest patch on Tuesday already allows full control of the computer. Microsoft has not yet patched a file fragility.
Abdel Hamid Nasri, researcher in computer security, patched Serious security breach In the code of all versions of Windows supported by Microsoft, including Windows 11, Windows 10 and Windows Server 2022. As reported by colleagues at Bleeping Computer, the expert discovered this security breach by analyzing Microsoft’s latest patch Tuesday.
In its quest to fix another vulnerability, Microsoft has apparently caused an even more serious vulnerability to emerge. Even worse, Abdelhamid Nasri says it’s very easy to do Bypass the patch posted by Microsoft To protect users. In fact, the software publisher is left with two big gaps. Note that these are not the only flaws that have been recently spotted on Windows. A few months ago, a 16-year-old vulnerability put millions of Windows PCs at risk.
Windows error allows administrator access to be granted
“This variable was detected while parsing the CVE-2021-41379 patch. However, the error was not debugged properly”, explains Abdelhamid Nasri in a GitHub deposit. According to him, the weakness allows the attackerEasily get administrator access to computer of his victims. Ultimately, a hacker can take complete control of a computer if he or she has physical access to the device.
To substantiate the researcher’s claims, Bleeping Computer tested a bug exploit in the computer. With a limited access account, this is very easy to doGet system privileges Windows security bypass. As a reminder, a similar bug was spotted over the summer. Before the breach was corrected, the breach allowed anyone to become liable.
Security expert explains that he publicly disclosed a security breach of To protest against the reduction in bonuses decided by Microsoft. The American giant could have significantly reduced the amounts offered to developers who discover a flaw. “Microsoft bonuses are worth nothing since April 2020, I really wouldn’t if Microsoft didn’t make the decision to lower these bonuses”The researcher explains. After all, Microsoft paid $13 million last year to people who discovered bugs in its software. However, this is less than in previous years.
ALSO READ: Windows 11 error crashes your PC, Microsoft is fixing it
Microsoft is expected to fix the breach in a future update, possibly within Correction next Tuesday. “The best solution available at the moment is to wait for Microsoft to release a security patch, given the complexity of this vulnerability”The researcher is encouraged.
Source : sleeping computer
“Certified gamer. Problem solver. Internet enthusiast. Twitter scholar. Infuriatingly humble alcohol geek. Tv guru.”
