A nasty new security hole lets hackers take over Windows 10 and Windows 11 machines – and there is still no solution.
A working exploit for the bug, which its creator calls “InstallerFileTakeOver,” was published last Sunday (November 21st) on GitHub, Microsoft’s own software repository.
Since our workstations are locked by our IT department, we could not try InstallerFileTakeOver. However, several security experts say it works fine and gives full system control to logged-in users who normally cannot install, delete or change programs.
Yes, this LPE actually works on a fully patched Windows 11 system. https://t.co/7v0oXSZrnM pic.twitter.com/kvvISKabeG November 22, 2021
“This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022,” said researchers from Cisco Talos yesterday (November 23). “Talos has already discovered samples of malware in the wild trying to exploit this vulnerability.”
Can confirm this works, local priv esc. Tested on Windows 10 20H2 and Windows 11. The previous patch from MS did not correct the problem correctly. https://t.co/OEdmtlMZvY November 22, 2021
Unfortunately, there is still no surefire way to protect your PC, as the creator of the exploit, Moroccan researcher Abdelhamid Naceri, noted in his GitHub post.
“The best workaround available at the time of this writing is to wait for Microsoft to release a security patch because of the complexity of this vulnerability,” wrote Naceri. “Any attempt to patch the binary directly will destroy Windows Installer,” the Windows 10 and Windows 11 program that updates Microsoft software.
The best way to defend yourself is to install and run one of the best Windows antivirus programs, free or paid. Do not open files that come to you unexpectedly from websites, email messages, social media, or instant messages. And keep track of who has access to your computer.
One mitigating factor is that the attack must begin with a user who is already logged into the system. But the attacker doesn’t have to be human – malware that got onto the machine by other means could just as easily exploit this flaw.