World security researcher publishes example exploit for Zero-Day gap in Windows

13:45  23 november  2021
13:45  23 november  2021 Source:   silicon.de

What the world did and didn’t accomplish at COP26

  What the world did and didn’t accomplish at COP26 The biggest climate conference in history was a tiny step toward solving a gargantuan problem.It was not the massive course correction for the climate that activists — some of whom staged a “die-in” outside the COP26 venue — were clamoring for.

Sicherheitslücken (Bild: Shutterstock.com/bofotolux). © default_credit vulnerabilities (Image: shutterstock.com/bofotolux). The vulnerability allows an unauthorized extension of user rights. Affected are apparently all supported versions of Windows and Windows Server. The publication happens to protest against Microsoft.

The Security Fores Abdelhamid NACERI has released sample code for an exploit with which a previously unpacked vulnerability can be exploited in Windows. According to those affected, all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022. An attacker with restricted access rights may be able to execute system rights.

Economic modelling asserts advantage of complete net zero in regional Victoria

  Economic modelling asserts advantage of complete net zero in regional Victoria New economic modelling shows most Victorian regions would see strong employment and economic growth if Australia transitions to a fully net zero economy.The analysis from the Centre of Policy Studies at Victoria University asserts that even without "optimistic speculation" in green investments, most areas in regional Victoria would be at an advantage if net zero is reached by 2050.

as bleeping computer reported, Naceri came to the vulnerability when examining a patch, which Microsoft published at the beginning of the month. He should eliminate a vulnerability (CVE-2021-41379) in the Windows Installer, which allows an unauthorized expansion of user rights.

The researcher found that the Fix provided by Microsoft does not resolve the actual security problem. Naceri also found the questionable, his view of even more serious new Zero-Day gap, which also allows a rights expansion.

The Sample Code for Exploit-published NACERI to the report now on Github . "This variant was discovered during the analysis of the CVE-2021-41379 patch. However, the error has not been corrected correctly instead of removing the bypass, "said Naceri. "I decided to publish this variant as it is more powerful than the original variant." He emphasized that the bypass of the Microsoft patch is prevented by Group Policy - but not an attack on the newly discovered Zero-Day gap.

BleepingComputer has tested the exploit according to own information under a fully patched Windows 10 21H1. Thus, when using a user account with limited right after a few seconds, a command prompt with system rights opened, which the blog demonstrates in a video.

to the public, Naceri turned to their own information to protest Microsoft's decision, which reduces independent security researchers like bonuses paid for vulnerabilities. "Microsoft's premiums have only been a waste since April 2020. I really would not do that if Microsoft had not made the decision down the premiums, "explained the researcher to the report.

How may the LNP's embrace of net zero affect its electoral chances in Queensland's coal country? .
The so-called "coal seats" of central and north Queensland recorded strong swings away from Labor in 2019, but Scott Morrison's adoption of a net zero plan has reset the electoral battleground.However, in 2019, he not only failed to win the then-marginal seat of Capricornia, he also experienced a huge swing against the ALP.

usr: 14
This is interesting!