
Frustrated security researcher discloses Windows zero-day bug, blames Microsoft

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.


Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.


“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.

His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that it will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure of the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…