A new zero-day Windows flaw, discovered by security researcher Abdelhamid Naceri, allows a standard user to elevate their privileges on the operating system. The bug, reported on Saturday (the 20th), could expose the device to malicious actors.
The vulnerability, which affects Windows 10, Windows 11 and Windows Server 2022, was found during the review of a fix released by Microsoft for an earlier flaw in the software, which already made it possible to change access privileges. According to Naceri, the released update does not fix the latest bug.
In practice, users with standard Windows access can gain administrator privileges by exploiting the vulnerability. From there, they can perform various malicious activities, such as spreading malware, stealing data, removing accounts, changing settings and hacking into other machines on a network.
In an interview with Bleeping Computer, the expert said he exposed this new Windows zero-day flaw in protest against Microsoft’s reward policies for security researchers. According to him, compensation for bug hunters has been reduced since April of last year.
Microsoft aware of the issue
The Redmond giant has stated that it already knows about this new bug regarding system access privileges, but has not yet fixed the flaw. “We are aware of disclosure and will do whatever is necessary to keep our customers safe and secure,” commented a company spokesperson.
However, the company has not said when the fix will be released; it will likely arrive in the next cumulative update of its monthly cycle. Meanwhile, the researcher who disclosed the flaw warned users not to try to fix the bug themselves.
“Any attempt to fix the failure will stop the Windows installer. So it’s better to wait and see how Microsoft fixes the patch again,” Naceri recommended.