A troubling new security flaw has been discovered that allows hackers to take over Windows 10 and Windows 11 machines.
A working exploit for the flaw, which the author calls "InstallerFileTakeOver," was posted this past Sunday (November 21) on GitHub, a Microsoft-owned software repository.
We were unable to try InstallerFileTakeOver because our work computers are locked down by the IT department. However, according to several security experts, it works fine and gives full control of the system to logged-in users who normally would not be able to install, remove, or change programs.
"This vulnerability affects all versions of Microsoft Windows, including the fully patched Windows 11 and Server 2022," said Cisco Talos researchers yesterday (November 23). Talos has already detected malware samples that attempt to exploit this vulnerability."
Unfortunately, there is still no reliable way to protect your PC, as the creator of the exploit, Moroccan researcher Abdelhamid Naceri, explains in his GitHub post.
"The best workaround available as of this writing is to wait for Microsoft to release a security patch because of the complexity of this vulnerability," Naceri wrote.
"Trying to patch the binary directly will break Windows Installer, the Windows 10 and Windows 11 program that updates Microsoft software.The best way to protect yourself is to install and run the best free or paid Windows antivirus software. Don't open random files sent to you from websites, email messages, social media, or instant messages. And always keep an eye on who has access to your computer.
There is some protection in that an attack must start with a user who is already logged into the system. However, the attacker need not be human. Malware that has infiltrated the machine by other means can exploit this flaw just as easily.
Comments