New file-deleting Windows zero-day vulnerability unearthed

By Vignesh Giridharan | Updated 26 Oct 2018
  • SandboxEscaper has found a Windows vulnerability that is capable of letting exploits delete system DLLs.

A security researcher who goes by the name of SandboxEscaper on Twitter recently shared their discovery of a new zero-day vulnerability in Microsoft Windows, one that’s capable of letting an exploit delete system files. The vulnerability affects all recent versions of Windows 10, including the most recent October 2018 Update. In the tweet, SandboxEscaper presented proof-of-concept code on GitHub to demonstrate the hole in the popular operating system.


This is the second vulnerability discovered by the researcher in a span of two months. Explaining the story around the new vulnerability, SandboxEscaper wrote in a separate tweet, “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them.. meaning you can delete application dll's [sic] and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”

 

 


According to the researcher, the vulnerability affects the Microsoft Data Sharing service (dssvc.dll), which is a local service for data exchange between applications. When the vulnerability is exploited, the attacker can gain admin permissions to compromise protected data on the computer. They can then delete system DLLs or replace them with malicious ones. 

As mentioned in SandboxEscaper’s tweet, the vulnerability is a low-quality one “that is a pain to exploit” and has so far been left unpatched by Microsoft. Mitja Kolsek, the CEO of ACROS Security and the co-founder of 0patch, confirmed the presence of the vulnerability shortly after SandboxEscaper’s tweet. 0patch then quickly released a micropatch for the vulnerability free of cost and tweeted about it.
