A WARNING has been issued to Microsoft users after a new vulnerability was discovered that leaves them exposed to hackers.
Microsoft Windows 10 and Windows 11 users are urged to be on high alert after reports of a botched security update that failed to handle the threat.
The flawed fix is reportedly “more powerful than the original one,” allowing hackers to take over computers.
Forbes said that the vulnerability has already been exploited by hackers.
“During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit,” Cisco Talos’ Head of Outreach Nick Biasini told BleepingComputer.
“Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponize a publicly available exploit.”
Security researcher Abdelhamid Naceri publicly disclosed the vulnerability.
He said that it bypasses the previous flaw, named CVE-2021-41379, which Microsoft thought it had patched in November.
Forbes reports that it “enables a hacker to elevate privileges allowing them to take over a computer and spread their attacks across the victim’s network.”
According to BleepingComputer, when exploited, the vulnerability gives the attacker system privileges on all up-to-date devices running the latest Windows releases.
These are the highest user rights available on Windows.
With them, the attacker can perform any operating system command.
Experts have warned that a Microsoft update may be the only fix for this new flaw.
“The best workaround available at the time of writing this is to wait for Microsoft to release a security patch, due to the complexity of this vulnerability,” explained Naceri.
“Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again.”