Attackers are actively exploiting the Windows Installer’s zero-day vulnerability which was detected when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem.
Security researchers have found that they are at risk of a high-profile Windows Installer tracking like CVE-2021-41379 that Microsoft released a few weeks ago as part of its November Patch updates on Tuesday. When exploited, POC, called InstallerFileTakeOver, gives the player administrative privileges on Windows 10, Windows 11 and Windows Server when they log into the Windows Edge-enabled machine.
Read More: Threatpost
For more such updates follow us on Google News ITsecuritywire News