Winsage
July 18, 2024
An unpatched vulnerability in Windows installer files allows attackers to elevate privileges and potentially take over vulnerable systems. The vulnerability stems from the way Windows handles permissions for installer files, allowing custom actions to bypass normal account protections and carry out malicious activities. The flaw was reported to Microsoft last year but was dismissed as not replicable on patched systems. The vulnerability requires local access to exploit, making it more difficult for threat actors to take advantage of.