A nasty new security flaw lets hackers take over Windows 10 and Windows 11 machines — and there's no fix available yet.
A working exploit for the flaw, which its creator calls "InstallerFileTakeOver," was posted on the Microsoft-owned software repository GitHub this past Sunday (Nov. 21).
Because our workplace computers are locked down by our IT department, we haven't been able to try out InstallerFileTakeOver. But several security experts say it works just fine and gives full system control to logged-in users who normally shouldn't be able to install, delete or modify programs.
Yeah, this LPE indeed works fine on a fully-patched Windows 11 system. https://t.co/7v0oXSZrnM pic.twitter.com/kvvISKabeG (November 22, 2021)
"This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022," said researchers at Cisco Talos yesterday (Nov. 23). "Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability."
Can confirm this works, local priv esc. Tested on Windows 10 20H2 and Windows 11. The prior patch MS issued didn't fix the issue properly. https://t.co/OEdmtlMZvY (November 22, 2021)
Unfortunately, there's no sure-fire way to protect your PC just yet, as the exploit's creator, Moroccan researcher Abdelhamid Naceri, explained in his GitHub post.
"The best workaround available at the time of writing this is to wait for Microsoft to release a security patch, due to the complexity of this vulnerability," wrote Naceri. "Any attempt to patch the binary directly will break Windows Installer," the Windows 10 and Windows 11 program that updates Microsoft software.
The best way to defend yourself is to install and run some of the best Windows antivirus software, free or paid. Don't open files that randomly come to you from websites, email messages, social media or instant messages. And keep a close eye on who has access to your computer.
There's some defense in the fact that the attack has to start with a user who's already logged into the system. But the attacker doesn't have to be a human — malware that made it onto the machine by other means could just as easily exploit this flaw.