0PATCH fixes Windows Installer Local Privilege Escalation 0day Vulnerability

by ·

Microsoft has tried to fix security vulnerabilities in Windows Installer components many times, and it has not been able to completely solve the problem since it was found in 2019.

At that time, a female hacker and Microsoft fought on such vulnerabilities. This female hacker did not submit the vulnerabilities to Microsoft but made them public, which caused Microsoft a headache.

Microsoft still has to continue to fix such vulnerabilities, but in the past two years, Microsoft has released multiple fixes but still has not completely solved the vulnerabilities. The vulnerability numbers include: CVE-2019-0841, CVE-2019-1415, CVE-2020-1302, CVE-2020-0814, CVE-2020-16902.

But until now, the privilege escalation vulnerability in the Windows Installer component still exists, and researchers have proved that the vulnerability can be used to obtain system-level permissions.

The Windows Installer also comes with a rollback function during installation. If there is a problem with the installation, the installer will automatically create a rollback script and restore all changes during the period.

If a hacker with local authority replaces the rollback script with a registry key and points to another script with load, it can be executed with SYSTEM authority.

Executing malicious scripts with system-level permissions may make the entire operating system fall, so the vulnerability of this vulnerability is still very high.

After many rounds of repairs, Microsoft still has not completely solved the problem. After each repair, researchers can always find new ways to continue to exploit the loopholes and continue to raise rights.

0PATCH is a vulnerability mitigation client provided by a third-party platform. After installing, users can automatically deploy all the solutions provided by this platform.

At present, the platform has launched a mitigation solution for Windows Installer, which prevents potential attacks by preventing non-local administrators from modifying scripts.

Although this repair is not a permanent repair program, it is also an optional program for users, and it can be used until Microsoft completely solves the problem.

If you want to deploy this solution, you need to install the 0PATCH client. If the user pays great attention to security, you can click Welcome to the era of vulnerability micropatching – 0patch to download the latest 0PATCH client.

Supported operating systems include Windows 10 v2004/20H1 version, 20H2 version, V1909 version, Windows 7 ESU extended support for the full range of versions.

Tags: