Yesterday afternoon Bleeping Computer reported on a critical Windows zero-day affecting all flavors of Windows client and server operating systems. A flaw in Microsoft’s patch for CVE-2021-41379 led to a post-authentication privilege escalation vulnerability that allows an attacker to pivot from a standard user account to NT AUTHORITY\SYSTEM with ease. Considering that there is currently no patch, it is essential that organizations begin alerting on this before breaking for Thanksgiving. Inform yourself and your team by reviewing the materials below.
Resources: