Zero-day flaw puts all Windows 10 and Windows 11 PCs at risk — what to do

News
By
published

Not much protection available for any current Windows system

a moody photo of a person, presumably a hacker, typing on a keyboard
(Image credit: Getty Images)

A nasty new security flaw lets hackers take over Windows 10 and Windows 11 machines — and there's no fix available yet.

A working exploit for the flaw, which its creator calls "InstallerFileTakeOver," was posted on the Microsoft-owned software repository GitHub this past Sunday (Nov. 21). 

Because our workplace computers are locked down by our IT department, we haven't been able to try out InstallerFileTakeOver. But several security experts say it works just fine and gives full system control to logged-in users who normally shouldn't be able to install, delete or modify programs.

"This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022," said researchers at Cisco Talos  yesterday (Nov. 23). "Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability."

Unfortunately, there's no sure-fire way to protect your PC just yet, as the exploit's creator, Moroccan researcher Abdelhamid Naceri, explained in his GitHub post.

"The best workaround available at the time of writing this is to wait Microsoft to release a security patch, due to the complexity of this vulnerability," wrote Naceri. "Any attempt to patch the binary directly will break Windows Installer," the Windows 10 and Windows 11 program that updates Microsoft software.

The best way to defend yourself is to install and run some of the best Windows antivirus software, free or paid. Don't open files that randomly come to you from websites, email messages, social media or instant messages. And keep a close eye on who has access to your computer.

There's some defense in the fact that the attack has to start with a user who's already logged into the system. But the attacker doesn't have to be a human — malware that made it onto the machine by other means could just as easily exploit this flaw.

See more Computing News
TOPICS
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
Surface Laptop 5 open on desk showing Windows 11 desktop
Microsoft just fixed 72 Windows security flaws — update your PC right now
MacBook Pro 16-inch 2021 sitting on a patio table
Critical macOS flaw puts your data and cameras at risk — update right now
A laptop on a windowsill in the middle of a Windows update
Microsoft is ending support for Windows 10 soon — 5 ways to make sure your PC is secure
How to disable the Windows key
Microsoft patches over 160 security flaws including 3 active zero days — update your PC right now
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Latest in Windows Operating Systems
Microsoft Office is finally as it should have been on iPad
Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Windows 10 logo
Windows 10 end of life set for this year — everything you need to know to get ready
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A Windows 11 laptop, demonstrating how to run Android apps on Windows 11
How to remove the Windows 11 news and weather widget
Man typing on Windows 11 laptop
Microsoft confirms major Windows 11 and Windows 10 audio bug is cutting sound on PCs
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 11 (#639)
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Gmail logo on iPhone
Gmail just got a huge AI upgrade that will save you a ton of time
Xbox handheld
Xbox handheld reportedly arriving this year, new PC-like console in 2027
Concept image of foldable iPad
Apple reportedly has an 18.8-inch foldable iPad prototype with under-display Face ID
Adam Scott in "Severance," now streaming on Apple TV Plus.
'Severance' season 2 finale runtime just revealed — expect a violent finale
More about windows operating systems
Microsoft Office is finally as it should have been on iPad

Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads

laptop anger

Latest Windows 11 update reportedly breaking major parts of the operating system
NYTimes Connections

NYT Connections today hints and answers — Tuesday, March 11 (#639)
See more latest
Most Popular
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 11 (#639)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #373 (Tuesday, March 11 2025)
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Gmail logo on iPhone
Gmail just got a huge AI upgrade that will save you a ton of time
Xbox handheld
Xbox handheld reportedly arriving this year, new PC-like console in 2027
Concept image of foldable iPad
Apple reportedly has an 18.8-inch foldable iPad prototype with under-display Face ID
Bradley Barcola of Paris Saint-Germain takes on goalkeeper Alisson Becker of Liverpool during a UEFA Champions League 2024/25 match
Liverpool vs PSG live stream: How to watch Champions League game online and on TV
Halyna Hutchins, the 42 year old Ukrainian cinematographer who died on the set of "Rust"
'Last Take: Rust and the Story of Halyna': How to watch the documentary online
Laura Harring and Naomi Watts in Mulholland Drive
These beloved David Lynch movies just hit Paramount Plus — catch them before they're gone
Adam Scott in "Severance," now streaming on Apple TV Plus.
'Severance' season 2 finale runtime just revealed — expect a violent finale