• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Friday, July 3, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Gaming

This dangerous Windows zero-day lets you instantly become an admin

by Aashish Sehrawat
November 24, 2021
in Gaming, Popular, Tech
Reading Time: 2 mins read
0
Japanese firms set to test digital currency, launch in FY2022

Image: securityaffairs

TwitterWhatsappLinkedin
Image: securityaffairs

An exploit for a new Windows zero-day local privilege elevation vulnerability that grants admin rights in Windows 10, Windows 11, and Windows Server has been publicly revealed by a security researcher.

You might also like

How does an On-device AI work? 

How does the satellite messaging work?

Honda and Nissan Edge Closer to Strategic Alliance as Shared Vehicle Brain Nears Approval

The vulnerability was tested by BleepingComputer, who used it to open a command prompt with SYSTEM capabilities from a user account with only ‘Standard’ privileges.

Threat actors with limited access to a compromised device might simply elevate their privileges to help spread laterally within the network by exploiting this vulnerability.

All supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022, are vulnerable.

Microsoft addressed a CVE-2021-41379. ‘Windows Installer Elevation of Privilege Issue’ vulnerability as part of the November 2021 Patch Tuesday.

After reviewing Microsoft’s update, security researcher Abdelhamid Naceri uncovered a bypass to the patch as well as a more potent new zero-day privilege escalation issue.

Naceri posted a successful proof-of-concept exploit for the new zero-day on GitHub yesterday, claiming that it works on all supported Windows versions.

“This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass,” explains Naceri in his writeup. “I have chosen to actually drop this variant as it is more powerful than the original one.”

Furthermore, while group policies can be configured to block ‘Standard’ users from executing MSI installation operations, Naceri’s zero-day exploit bypasses this policy and still works.

The ‘InstallerFileTakeOver’ exploit was tested by BleepingComputer, and it only took a few seconds to get SYSTEM privileges from a test account with ‘Standard’ privileges, as shown in the video below.

The test was run on a fresh installation of Windows 10 21H1 build 19043.1348.

When we questioned Naceri why he publicly exposed the zero-day vulnerability, he said it was due to his unhappiness with Microsoft’s bug bounty program’s declining compensation.

“Microsoft bounties has been trashed since April 2020, I really wouldn’t do that if MSFT didn’t take the decision to downgrade those bounties,” explained Naceri.

Naceri isn’t alone in his dissatisfaction with what researchers believe is a decrease in bug bounty rewards.

https://twitter.com/MalwareTechBlog/status/1287848085243060224?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1287848085243060224%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fnew-windows-zero-day-with-public-exploit-lets-you-become-an-admin%2F

BE CAREFUL! Microsoft will reduce your bounty at any time! This is a Hyper-V RCE vulnerability be able to trigger from a Guest Machine, but it is just eligible for a $5000.00 bounty award under the Windows Insider Preview Bounty Program. Unfair! @msftsecresponse
@msftsecurity pic.twitter.com/sJw3cjsliF

— rthhh (@rthhh17) November 9, 2021

“We are aware of the disclosure and will do what is necessary to keep our customers safe and protected. An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.” – a Microsoft spokesperson.

Microsoft will most likely remedy the vulnerability in an upcoming Patch Tuesday release, as is customary with zero days.

However, third-party patching businesses should avoid attempting to solve the vulnerability by patching the binaries because this will most likely disrupt the installation, according to Naceri.

Tags: gatesMicrosoftmsmsofficew11w19windows
Tweet54SendShare15
Previous Post

Japanese firms set to test digital currency, launch in FY2022

Next Post

Italy fines Apple, Amazon $225M in ‘antitrust’ action

Aashish Sehrawat

Recommended For You

How does an On-device AI work? 

by Afeefa Ansari
July 3, 2026
0
How does an On-device AI work? 

On-device AI is becoming an assistant like never before. It is a fresh take on the world of AI and helps you handle things really well. We shall...

Read more

How does the satellite messaging work?

by Afeefa Ansari
July 3, 2026
0
Satellite messaging

Ever wondered how satellite messaging works? Follow the guide to know how you can understand this work and how complex it is. So, let's get started and see...

Read more

Honda and Nissan Edge Closer to Strategic Alliance as Shared Vehicle Brain Nears Approval

by Samir Gautam
July 2, 2026
0
Honda Nissan Partnership Moves Closer With Shared ECU

Honda and Nissan appear to be entering a decisive phase in their growing partnership, with both Japanese automakers making significant progress toward a technology-sharing agreement that could influence...

Read more
Next Post
Japanese firms set to test digital currency, launch in FY2022

Italy fines Apple, Amazon $225M in ‘antitrust’ action

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?