Windows installer tagged with flaws that could elevate privileges – Cyber Tech
An unpatched vulnerability in the way Windows handles installer files could put systems at risk of attack.
Researcher Adrian Denkiewicz reported how the installation process in Windows 11 could be gamed to allow an attacker to elevate privileges and possibly take over a vulnerable system.
The problem, said Denkiewicz, stems from the way Windows handles permissions for installer (.msi) files. Without appropriate checks, installers are able to execute actions that would otherwise be forbidden under non-administrator accounts.
These custom actions are able to circumvent normal account protections because they are considered essential for the installation of software. This, in turn, can be taken advantage of to carry out malicious actions.
“Custom Actions are necessary in situations where the built-in capabilities of Windows Installer are insufficient,” the researcher explained.
“For example, if an application requires specific registry keys to be set dynamically based on the user’s environment, a Custom Action can be used to achieve this.”
In short, Custom Actions can be manipulated by a threat actor to activate capabilities that would otherwise be off-limits to basic user accounts. This can, in turn, result in an elevation of privilege scenario where a local user could gain administrator access and install any amount of unchecked malware.
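The article describes custom actions that run with more privilege than the user who launched the install. The deciding detail is in the package itself: each row of an MSI's CustomAction table carries a Type value whose bit flags say whether the action is deferred and whether it runs as LocalSystem instead of impersonating the user. The following PowerShell script is an added example, not code from the article or from the researcher; it reads that table through the Windows Installer automation object (WindowsInstaller.Installer) so a defender can audit a package before deployment, or an already-cached one, and see which actions will execute in the system context. It assumes a Windows host and a local path to an .msi file supplied by the caller.

```powershell
# Added example (not from the article or the researcher): audit the CustomAction
# table of an MSI package and report which custom actions are configured to run
# in the LocalSystem context. Uses the Windows Installer automation object
# (WindowsInstaller.Installer), which is present on every Windows system.

# Custom action Type bit flags as documented in the Windows Installer SDK (msi.h).
$script:CA_TYPE_MASK      = 0x07    # base type: 1=DLL, 2=EXE, 3=text, 5=JScript, 6=VBScript, 7=nested install
$script:CA_SOURCE_MASK    = 0x30    # 0x00=Binary table, 0x10=installed file, 0x20=directory, 0x30=property
$script:CA_INSCRIPT       = 0x400   # msidbCustomActionTypeInScript: deferred, runs from the install script
$script:CA_NO_IMPERSONATE = 0x800   # msidbCustomActionTypeNoImpersonate: deferred action runs as LocalSystem

function Get-MsiCustomAction {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$MsiPath   # path to the .msi package to audit (caller-supplied)
    )

    $installer = New-Object -ComObject WindowsInstaller.Installer
    # Mode 0 = msiOpenDatabaseModeReadOnly; an audit never needs write access.
    $database = $installer.GetType().InvokeMember(
        'OpenDatabase', 'InvokeMethod', $null, $installer, @((Resolve-Path $MsiPath).Path, 0))

    # Backticks quote identifiers in MSI SQL; single quotes keep PowerShell from interpreting them.
    $query = 'SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`'
    try {
        $view = $database.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $database, @($query))
    } catch {
        # A package without a CustomAction table has nothing to audit.
        return
    }
    $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null) | Out-Null

    while ($true) {
        $record = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
        if ($null -eq $record) { break }   # Fetch returns null once the result set is exhausted

        $type     = [int]$record.GetType().InvokeMember('IntegerData', 'GetProperty', $null, $record, @(2))
        $deferred = ($type -band $script:CA_INSCRIPT) -ne 0
        # NoImpersonate only takes effect on deferred actions; immediate actions always run as the user.
        $runsAsSystem = $deferred -and (($type -band $script:CA_NO_IMPERSONATE) -ne 0)

        [pscustomobject]@{
            Action       = $record.GetType().InvokeMember('StringData', 'GetProperty', $null, $record, @(1))
            Type         = $type
            BaseType     = $type -band $script:CA_TYPE_MASK
            SourceKind   = $type -band $script:CA_SOURCE_MASK
            Deferred     = $deferred
            RunsAsSystem = $runsAsSystem
            Source       = $record.GetType().InvokeMember('StringData', 'GetProperty', $null, $record, @(3))
            Target       = $record.GetType().InvokeMember('StringData', 'GetProperty', $null, $record, @(4))
        }
    }
    $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null) | Out-Null
}

# Usage: list every custom action that will execute as LocalSystem during an elevated install.
# Get-MsiCustomAction -MsiPath 'C:\path\to\package.msi' |
#     Where-Object RunsAsSystem |
#     Format-Table Action, BaseType, SourceKind, Source, Target
```

Rows with RunsAsSystem set deserve a closer look during package review: a SourceKind of 0x20 (directory) or 0x30 (property) means the code the action runs is resolved at install time rather than taken from the signed package, so the reviewer should confirm that standard users cannot influence that directory or property. Actions that read from the Binary table (SourceKind 0x00) are the least exposed, since their payload is fixed inside the package.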
The vulnerability is not a recent revelation. Denkiewicz reported the issue to Redmond late last year, only to be strung along for several months and have the vulnerability report dismissed as not being reproducible on currently patched systems.
Microsoft did not respond to a request for comment on the matter.
If there is one redeeming factor in the disclosure, it is that the flaw is not a remotely exploitable vulnerability. Any threat actor seeking to exploit the installer bug would need to have already obtained local access (i.e., the ability to run code on the target system).
This means a significant amount of social engineering would need to take place before the automated exploit could run.
“The MSI file using a vulnerable Custom Action has to be already installed on the machine. However, the issue could be useful to pentesters performing Local Privilege Escalation or as a persistence mechanism.”