A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was “not fixed correctly.” So he created and … More
The post After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379) appeared first on Help Net Security.
Source: help net security.com