Frustrated security researcher discloses Windows zero-day bug, blames Microsoft

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.

“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.

His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that it will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure of the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.

Arif Bacchus