silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,218
A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system.
The issue affects Windows 7 through 10. Microsoft’s most recent effort to address the issue (CVE-2020-16902) was in October. A bypass, complete with proof-of-concept (PoC) exploit code emerged in late December 2020.
Temporary fix available
Mitja Kolsek, CEO of ACROS Security and co-founder of the 0patch micropatching service, explains how Naceri’s PoC for the vulnerability (no tracking number) works:
“The proof-of-concept is using a rollback script that changes the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fax\ImagePath to c:\Windows\temp\asmae.exe, which results in the Fax Service using attacker's asmae.exe when the service is launched. This service was used because any user is allowed to launch it, and it's running as Local System” - Mitja Kolsek
Windows Installer zero-day vulnerability gets free micropatch
A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system.
www.bleepingcomputer.com