A new zero-day flaw in Windows, discovered by security researcher Abdelhamid Naceri, allows an ordinary user to elevate their privileges on the operating system. The bug, reported on Saturday (20), could expose the device to malicious actors.
The vulnerability, which affects Windows 10, Windows 11 and Windows Server 2022, was found during analysis of the fix released by Microsoft for a previous software loophole, which already made it possible to change access privileges. According to Naceri, the update released does not fix the latest bug.
In practical terms, users with standard access to Windows can obtain administrator privileges by exploiting the vulnerability. From there, they can carry out various malicious activities, such as spreading malware, stealing data, removing accounts, changing settings and hacking into other machines on a network.
In an interview with Bleeping Computer, the expert said that he exposed this new Windows zero-day flaw in protest against Microsoft's reward policies for security researchers. According to him, the remuneration for bug hunters has been reduced since April last year.
Microsoft aware of the problem
The Redmond giant said that it is already aware of this new bug in relation to system access privileges, but has not yet fixed the flaw. “We are aware of the disclosure and will do whatever is necessary to keep our customers safe and secure,” commented a company spokesperson.
However, the company hasn't said when the fix will be released; it will probably arrive in the next cumulative update of Microsoft's monthly cycle. In the meantime, the researcher who disclosed the flaw warned users not to try to fix the bug themselves.
“Any attempt to fix the flaw will interrupt the Windows installer. So it’s best to wait and see how Microsoft will fix the patch again,” Naceri recommended.
Via Tecmundo







