A security vulnerability in Windows was supposed to have been closed with the November updates. It enables local users to extend their rights in the system. That should have been the end of the matter. But according to security researcher Abdelhamid Naceri, who reported the vulnerability, it was not patched properly, so he can still manipulate rights without authorization.
The original vulnerability was a privilege escalation in Windows Installer (CVE-2021-41379), which Microsoft rated CVSS 5.5, medium severity. While analyzing the patch for that vulnerability, Naceri says he came across two other vulnerabilities. He describes this in a GitHub project, which also presents proof-of-concept (PoC) software.
Renowned IT security expert Kevin Beaumont confirmed via Twitter that the exploit works, and thus that the vulnerabilities exist.
According to Naceri, all currently supported versions of Windows are affected, including Windows 11 and Server 2022. His experimental exploit, called InstallerFileTakeOver, gives a user with restricted rights access to any file; this is tantamount to system rights. As a caveat, Naceri notes that his approach to exploiting the vulnerability requires the Microsoft Edge Elevation DACL, which may not be available on some server versions.
Given the complexity of the vulnerability, the only option is to wait for a new and effective patch from Microsoft to remedy the situation, Naceri says. Any attempt to patch the Windows Installer executable file directly will break it.