Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday.
The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a new Windows zero-day local privilege elevation vulnerability that can be exploited by threat actors with limited user account to achieve admin privileges on Windows 10, Windows 11, and Windows Server.
Now Cisco Talos experts announced to have already detected malware samples in the wild that are attempting to exploit this vulnerability.
“Cisco Talos is releasing new SNORT rules to protect against the exploitation of a zero-day elevation of privilege vulnerability in Microsoft Windows Installer. This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrator. This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022.” reads the advisory published by Cisco Talos. “Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability.”
At this time, experts are not aware of any malware campaign on a large scale using the PoC exploit code, likely threat actors are working on the code and testing it for future attacks.
Experts believe that threat actors will start exploiting the issue very soon, for this reason, it is likely Microsoft could work on an emergency patch to protect its customers.
Talos released Snort rule SIDs 58635 and 58636 to protect users from exploitation of this zero-day vulnerability
(SecurityAffairs – hacking, Windows zero-day)