A WARNING has been issued to Microsoft users after a new vulnerability was discovered that leaves them exposed to hackers.
Microsoft Windows 10 and Windows 11 users are urged to be on high alert after reports of a botched security update that failed to handle the threat.
1
The flaw had already been caught earlier this year but the fix Microsoft installed worsened the problem, according to Forbes, leaving a security hole in all major Windows versions.
The flawed fix is reportedly “more powerful than the original one” allowing hackers to take over computers.
Forbes said that the vulnerability has already been exploited by hackers.
“During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit,” Cisco Talos’ Head of Outreach Nick Biasini told BleepingComputer.
“Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponize a publicly available exploit.”
Security researcher Abdelhamid Naceri publicly disclosed the vulnerability.
Most read in Tech
He said that it bypasses the previous flaw, named CVE-2021-41379, which Microsoft thought it had patched in November.
Forbes reports that it “enables a hacker to elevate privileges allowing them to take over a computer and spread their attacks across the victim’s network.”
According to Bleeping Computer, when exploited, the vulnerability gives the attacker system privileges on all up-to-date devices running the latest Windows releases.
These are the highest user rights available on Windows.
It makes it possible for the attacker to perform any operating system command.
Experts have warned that a Microsoft update may be the only fix to this new flaw.
“The best workaround available at the time of writing this is to wait for Microsoft to release a security patch, due to the complexity of this vulnerability,” explained Naceri.
“Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again.”
MICROSOFT WORKING ON FIX
Microsoft has said it is aware of the vulnerability and is working to protect users.
“We are aware of the disclosure and will do what is necessary to keep our customers safe and protected,” the company said in a statement to Bleeping Computer.
“An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.”
Security platform 0patch is said to be working on a stop-gap fix to give Microsoft more time to solve the problem.
In other news, Android users are being warned to update their phone’s privacy settings after a new update could leave their devices vulnerable.
Samsung has killed off one of its most beloved smartphone ranges, according to reports.
And, a tech expert has revealed some exciting hidden Google features in a popular TikTok video.
Warning about FAKE Microsoft emails here are the red flags to watch to protect your device
We pay for your stories!
Do you have a story for The US Sun team?
