Frustrated security researcher discloses Windows zero-day bug, blames Microsoft

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.

“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.

His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that it will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure of the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…