A security hole in Windows systems allows attackers to take over a computer. 0Patch has investigated the bug and provided a patch against the zero-day vulnerability. Microsoft has not yet resolved the problem and has therefore not yet rolled out an update.
The InstallerFileTakeOver vulnerability makes it possible to gain admin rights on a system. Windows stores modified or deleted files in a temporary folder during an installation so that previous versions can be restored later. Since the files are previously created in a system folder, a symbolic link pointing to a system file can be placed in the folder. This means that a program that normally requires admin rights can be run by a normal user. It is said that malware is already in circulation that actively exploits the security gap.
Vulnerability affects Windows systems
The vulnerability is said to affect almost all currently supported Windows operating systems. As Ghacks writes, 0Patch has now provided a free patch for Windows 10 versions 1709 to 21H1 and Windows 7 ESU. The patch for Windows Server 2012, 2012 R2, 2016, 2019, and 2008 R2 ESU is also offered. Although Windows 11 is probably also affected by the problem, no patch has yet been made available for the new Redmond operating system.
It is unclear why the Redmond-based company has not yet integrated an official patch into the affected operating systems. Microsoft has already been informed of the problem and emphasized that an attacker must already have access to the user’s PC in order to be able to exploit the vulnerability. It is conceivable that Microsoft will fix the problem itself soon.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.