Frustrated security researcher discloses Windows zero-day bug, blames Microsoft

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.


Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.


“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.


His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that it will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure of the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…