Skip to main content
  1. Home
  2. Computing

Frustrated security researcher discloses Windows zero-day bug, blames Microsoft

Arif Bacchus
By

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Windows 11 blue error crash screen.
Microsoft

Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.

Recommended Videos

“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.

Related

His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that it will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure opf the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.

Editors' Recommendations

Topics
Arif Bacchus
Arif Bacchus
Computing Writer
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Microsoft may fix the most frustrating thing about Windows updates
Windows 11 updates are moving to once a year.

Most Windows users will agree that one of the most annoying things about the operating system is the updates. While Windows Updates are necessary, they often tend to come up at the worst possible time, interrupting work and gaming sessions with persistent reminders that the system needs to reboot. Microsoft might be fixing that problem in the upcoming Windows 11 24H2 build, but it's still too early to bid farewell to those ill-timed reboots.

As spotted in the latest Windows 11 Insider Preview Build 26058, Microsoft is testing "hot patching" for some Windows 11 updates. Hot patching refers to a dynamic method of updating that often doesn't change the software version and may not even need a restart. In the context of Windows 11, it's pretty straightforward -- Windows will install the update, and you won't have to reboot your system.

Read more
A new Windows 11 hardware system requirement may be incoming
A man sits, using a laptop running the Windows 11 operating system.

Microsoft appears to finally be putting its foot down on how far back it's willing to go when it comes to supporting older hardware. As of the upcoming Windows 11 24H2 build, Microsoft will require that your processor supports the POPCNT instruction. If you're wondering what that is and whether this will affect you, you're not alone.

This new addition was spotted by Bob Pony on X (formerly Twitter). According to the user, if the CPU doesn't support the POPCNT instruction or it's disabled, Windows won't work at all. Multiple system files now require this instruction, starting with the Windows 11 kernel. Long story short -- no POPCNT, no Windows 11 24H2.

Read more
7 beloved Windows apps that Microsoft has killed over the years
A screenshot of Internet Explorer 9.

Microsoft's history is littered with the discontinuation of once-beloved applications. Most recently, WordPad, the renowned text editor app, was conspicuously absent from the latest beta build of Windows 11, indicating an end to its 28-year-long journey. I have fond memories of using the app back in my college days when Microsoft Office was too pricey for me.

WordPad is far from the only app to get canceled by Microsoft over the years. From pioneering productivity tools to nostalgic multimedia players, let's reminisce about some of the most famous applications that Microsoft has consigned to the annals of tech history.
Internet Explorer

Read more