CVE-2021-41379

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 5 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

1.35%

probability

This CVE has a 1.35% probability of being exploited in the next 30 days.

0% Top 80.3th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-59 · Link Following CWE-664 · Improper Control of a Resource Through its Lifetime CWE-706 · Use of Incorrectly-Resolved Name or Reference

Windows 'InstallerFileTakeOver' zero-day bug gets free micropatch

BleepingComputer Dec 09, 2021

New Windows zero-day with public exploit lets you become an admin

BleepingComputer Nov 22, 2021

Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws

BleepingComputer Nov 09, 2021

Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS

TheHackerNews

Malware now trying to exploit new Windows Installer zero-day

BleepingComputer Nov 23, 2021

Signal Intelligence

Confidenceⓘ

85%

EPSS 1.35%

Mentions 5

Last Seen Dec 09, 2021

CNA Information

Analyst Note

CVE-2021-41379 (InstallerFileTakeOver) is explicitly named as a Windows zero-day with public exploit in multiple BleepingComputer articles. Article [2] confirms 'New Windows zero-day with public exploit' and [5] reports malware exploitation attempts, indicating in-the-wild attacks. The November 2021 Patch Tuesday batch timing aligns with simultaneous patch release and exploitation, meeting zero-day criteria.

Threat Actors 1

Mana Team

apt_group 🇨🇳 CN

Triage Info

Decided atMar 20, 2026