PT-2021-4794 · Microsoft · Windows 11+4
Abdelhamid Naceri · Published 2021-11-09 · Updated 2025-12-25 · CVE-2021-41379
| CVSS v2.0 | 7.2 High |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows Installer versions prior to the fixed version
Description
The vulnerability is an elevation-of-privilege issue in the Windows Installer component that allows attackers to gain administrative privileges. It affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022. It was discovered during analysis of a patch for a previously known issue; that patch did not correctly fix the issue, which led to the creation of a bypass. An exploit for this vulnerability has been made public, and it has been reported that malicious actors are already using it to create malware. The number of potentially affected devices is not specified, but it is likely to be high given the widespread use of Windows operating systems.
Recommendations
For all versions of Microsoft Windows Installer prior to the fixed version:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
LPE
Link Following
Improper Privilege Management
Related Identifiers
Affected Products
Windows
Windows 10
Windows 11
Windows Installer
Windows Server 2022