Source URL: https://www.theregister.com/2024/09/12/worried_about_that_microsoft_installer/
Source: The Register
Title: About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited
Feedly Summary: What kind of OS can be hijacked by clicking a link at just the right time? Microsoft’s
In this week’s Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.…
AI Summary and Description: Yes
Summary: The text discusses a recently discovered privilege escalation vulnerability, CVE-2024-38014, in the Windows Installer that allows malware or unauthorized users to gain SYSTEM-level privileges. SEC Consult disclosed the vulnerability, and Microsoft has released a patch. Moreover, an open-source tool was developed to help users identify vulnerable installer files.
Detailed Description: The report highlights significant developments surrounding a vulnerability in the Windows Installer, emphasizing the implications for security and compliance professionals.
– **Vulnerability Identified**: The flaw, designated CVE-2024-38014, allows a low-privileged user to escalate their privileges to SYSTEM-level by exploiting the Installer process.
– **Security Researcher Involvement**: SEC Consult’s researcher Michael Baer discovered the issue and has shared both detailed findings and an open-source scanning tool, msiscan, that automates the detection of vulnerable installer files.
– **Exploitation Details**:
– The attack occurs when a user runs an .msi file to repair an application. During the repair, a command prompt can be opened with SYSTEM privileges.
– Specific steps to exploit the vulnerability involve manipulating the Installer’s process through commands in a browser.
– The technique has limitations and does not operate on recent versions of Edge or Internet Explorer.
– **Mitigation**: Microsoft has since released a patch, but many users may not have implemented it, posing continued risks.
– **Practical Implications**:
– Organizations should prioritize the deployment of this patch and consider leveraging the msiscan tool to identify at-risk systems.
– This incident highlights the importance of continuous monitoring and patch management within organizational security frameworks.
In sum, this vulnerability is notable for security and compliance professionals due to its impact on privilege management within Windows environments, making it crucial to adopt prompt mitigation strategies and to educate users on the risks of executing installer packages.