November 24, 2021

InstallerFileTakeOver in use by Threat Actors

Industry: N/A | Level: Tactical | Source: CiscoTalos

This is a follow-up on the vulnerability identified by security researcher Abdelhamid Naceri: a bypass of CVE-2021-41379, which Microsoft did not properly patch in November 2021’s Patch Tuesday. The vulnerability enables a user to elevate their privileges to admin. Cisco Talos has identified malware samples in the wild that take advantage of this vulnerability.

  • Anvilogic Use Case: Potential InstallerFileTakeOver CVE-2021-41379