Skip to main content

Frustrated security researcher discloses Windows zero-day bug, blames Microsoft

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Windows 11 blue error crash screen.

Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.

“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.

His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that it will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure opf the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Ranking all 12 versions of Windows, from worst to best
Windows 7 desktop.

You can tell a person's age by which version of Windows is their favorite. I have fond memories of XP and Windows 98 SE, so you can take a guess at mine, but I have colleagues who are much more enamored with Windows 7, or Windows 95. We all have something disparaging to say about Windows 8 though, and the less said about Windows Vista the better.

Ranking the different versions of Windows is about more than what era of computing you grew up in, though. There are some very serious duds in Microsoft's back catalog, just as there are a few wins too. But whether you can look back on some of Microsoft's disastrous releases with rose-tinted glasses, or have some genuine love for Microsoft's missteps, here's every version of Windows ranked from best to worst.
12. Windows ME

Read more
One of Windows 11’s most requested features may launch soon
Windows 11 updates are moving to once a year.

Windows 11 has a lot of great features, but moving the entire taskbar to a new location is not one of them (although you can move its icons). Despite that, it’s a highly requested feature -- and one that Microsoft might be about to make a reality.

According to Windows enthusiast @thebookisclosed on Twitter, a moveable taskbar is something Microsoft is at least considering, as evidenced by a video of the feature in action that was shared on the account’s Twitter page.

Read more
PC gamers are flocking to Windows 11, new Steam survey says
Shadow of the Tomb Raider on the Alienware 34 QD-OLED.

According to the latest Steam Hardware and Software Survey, more PC gamers are switching to using Windows 11. Although Windows 10 continues to top the charts, it's slowly losing users to Microsoft's newer operating system, as Windows 11 now compromises over a third of all operating systems in Steam's monthly survey.

It's happy news for Microsoft as Windows 11 continues to inch forward in the Steam Hardware Survey. While the survey doesn't include the software and hardware utilized by each and every gamer on the platform, it still shows us some significant averages. Microsoft has continued to push Windows 11 for new PCs, and the latest survey from Steam suggests that the effort is working.

Read more