Malware are already attempting to exploit new Windows Installer zero-day

Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday.

Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday.

The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a new Windows zero-day local privilege elevation vulnerability that can be exploited by threat actors with limited user account to achieve admin privileges on Windows 10, Windows 11, and Windows Server.

Now Cisco Talos experts announced to have already detected malware samples in the wild that are attempting to exploit this vulnerability.

“Cisco Talos is releasing new SNORT rules to protect against the exploitation of a zero-day elevation of privilege vulnerability in Microsoft Windows Installer. This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrator. This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022.” reads the advisory published by Cisco Talos. “Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability.”

At this time, experts are not aware of any malware campaign on a large scale using the PoC exploit code, likely threat actors are working on the code and testing it for future attacks.

Experts believe that threat actors will start exploiting the issue very soon, for this reason, it is likely Microsoft could work on an emergency patch to protect its customers.

Talos released Snort rule SIDs 58635 and 58636 to protect users from exploitation of this zero-day vulnerability

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Windows zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.