Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day. The vulnerability in question is a local privilege elevation bug found as a bypass to a patch Microsoft released during November 2021’s Patch Tuesday to address a flaw tracked as CVE-2021-41379. If successfully exploited, this bypass gives attackers SYSTEM privileges on up-to-date devices running the latest Windows releases, including Windows 10, Windows 11, and Windows Server 2022.”]

