Security researcher Abdelhamid Naceri has published a serious vulnerability in Windows on the Internet in protest of Microsoft’s low rewards for researchers who report vulnerabilities. The vulnerability could allow an attacker to gain full administrator rights over a computer within seconds.
Naceri took a closer look at a solution from Microsoft in early November 2021. He found that the bug was not properly fixed and that he was able to develop an even more powerful version of this exploit in a roundabout way. He published his findings on this vulnerability as a Proof-of-Concept on the widely used public code platform GitHub.
The Bleeping Computer test shows that it is a serious vulnerability. They tested the exploit on a test PC with the most recent version of Windows 10. The exploit turned out to be very simple to perform: by clicking a .exe, an installation file, a regular account without rights changes within a few seconds into an administrator account that has full access to the computer.
In many companies, it
Read the article