Skip to main content

Zero-day flaw puts all Windows 10 and Windows 11 PCs at risk — what to do

a moody photo of a person, presumably a hacker, typing on a keyboard
(Image credit: Getty Images)

A nasty new security flaw lets hackers take over Windows 10 and Windows 11 machines — and there's no fix available yet.

A working exploit for the flaw, which its creator calls "InstallerFileTakeOver," was posted on the Microsoft-owned software repository GitHub this past Sunday (Nov. 21). 

Because our workplace computers are locked down by our IT department, we haven't been able to try out InstallerFileTakeOver. But several security experts say it works just fine and gives full system control to logged-in users who normally shouldn't be able to install, delete or modify programs.

See more

"This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022," said researchers at Cisco Talos  yesterday (Nov. 23). "Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability."

See more

Unfortunately, there's no sure-fire way to protect your PC just yet, as the exploit's creator, Moroccan researcher Abdelhamid Naceri, explained in his GitHub post.

"The best workaround available at the time of writing this is to wait Microsoft to release a security patch, due to the complexity of this vulnerability," wrote Naceri. "Any attempt to patch the binary directly will break Windows Installer," the Windows 10 and Windows 11 program that updates Microsoft software.

The best way to defend yourself is to install and run some of the best Windows antivirus software, free or paid. Don't open files that randomly come to you from websites, email messages, social media or instant messages. And keep a close eye on who has access to your computer.

There's some defense in the fact that the attack has to start with a user who's already logged into the system. But the attacker doesn't have to be a human — malware that made it onto the machine by other means could just as easily exploit this flaw.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.