A new Windows zero-day vulnerability has discover that allows attackers to exploit the Microsoft operating system and gain administrator privileges on a device almost instantly. This vulnerability affects Windows 10, Windows 11, and Windows Server.
The flaw allows attackers with limit access to gain more privileges and spread across the system to further allow any kind of potential damage.
A test by BleepingComputer reveals that the exploit is capable of acquiring system privileges from an account that only had standard privileges.
The new vulnerability was seen in bypass to a patch that Microsoft earlier roll out as a response to CVE-2021-41379.
While tested on Windows 10 21H1 build 19043.1348, the file reportedly took just a few seconds to gain system privileges.
Microsoft is expect soon release a security patch to fix the vulnerability for the affected versions of Windows.
Why the Vulnerability was Disclose Publicly?
Reportedly disclose the zero-day vulnerability publicly “out of frustration over Microsoft’s reducing payouts in its bug bounty program” adding that “Microsoft bounties has been trash since April 2020,
I really wouldn’t do that if MSFT didn’t take the decision to downgrade those bounties.
This is not the first case developers and security researchers have complain of reducing payouts on bug-bounty programs.
With decreasing monetary incentives, users who encounter or discover vulnerabilities are less motivated to alert companies like Microsoft, instead choosing to keep vulnerabilities to themselves or worse, selling them to malicious attackers.
THANK YOU FOR READING.
