New file-deleting Windows zero-day vulnerability unearthed

Security researcher SandboxEscaper has found a Windows vulnerability that lets an exploit delete system DLLs.

Published Date: 26 - Oct - 2018 | Last Updated: 26 - Oct - 2018

A security researcher who goes by the name of SandboxEscaper on Twitter recently shared their discovery of a new zero-day vulnerability in Microsoft Windows, one that is capable of letting an exploit delete system files. The vulnerability affects all recent versions of Windows 10, including the most recent October 2018 Update. In the tweet, SandboxEscaper linked proof-of-concept code on GitHub to demonstrate the hole in the popular operating system.

This is the second vulnerability discovered by the researcher in a span of two months. Explaining the background to the new vulnerability, SandboxEscaper wrote in a separate tweet, “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them.. meaning you can delete application dll's [sic] and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”


According to the researcher, the vulnerability affects the Microsoft Data Sharing service (dssvc.dll), a local service for data exchange between applications. When the vulnerability is exploited, the attacker can gain admin permissions and compromise protected data on the computer. They can then delete system DLLs or replace them with malicious ones.
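As an added defender-side check (not from the article, SandboxEscaper's proof of concept or 0patch), the script below lists DLLs that running processes have loaded from directories ordinary users can write to, which is the situation the tweet describes an attacker hoping for after a DLL has been deleted. The SIDs and the rights mask used to decide what counts as low-privileged write access are assumptions; run it from an elevated prompt so service processes' modules are readable.

```powershell
# Heuristic: a directory is "user-writable" when an Allow ACE grants write-type
# rights to Users, Authenticated Users or Everyone (assumed SID list).
$lowPrivSids = @('S-1-5-32-545', 'S-1-5-11', 'S-1-1-0')
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                   [System.Security.AccessControl.FileSystemRights]::WriteData)
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Test-UserWritableDirectory {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable account names are skipped
        if ($lowPrivSids -contains $sid -and
            (([int]$ace.FileSystemRights) -band $writeMask)) { return $true }
    }
    return $false
}

# Walk every process's loaded modules; cache the per-directory ACL verdict.
$dirCache = @{}
$findings = foreach ($proc in Get-Process) {
    $modules = try { $proc.Modules } catch { @() }   # access denied / WoW64 mismatch
    foreach ($m in $modules) {
        if (-not $m.FileName) { continue }
        $dir = Split-Path -Parent $m.FileName
        if (-not $dirCache.ContainsKey($dir)) {
            $dirCache[$dir] = Test-UserWritableDirectory -Path $dir
        }
        if ($dirCache[$dir]) {
            [pscustomobject]@{
                Process   = $proc.ProcessName
                PID       = $proc.Id
                Module    = $m.FileName
                Signature = (Get-AuthenticodeSignature -FilePath $m.FileName).Status
            }
        }
    }
}

# Unsigned or invalid-signature modules in user-writable paths deserve a closer look.
$findings | Sort-Object Module -Unique | Format-Table -AutoSize
```

The ACL check is a heuristic (it ignores deny ACEs and inherited restrictions), so treat hits as leads to investigate rather than proof of tampering.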

As mentioned in SandboxEscaper’s tweet, the vulnerability is a low-quality one “that is a pain to exploit”, and it has so far been left unpatched by Microsoft. Mitja Kolsek, the CEO of ACROS Security and the co-founder of 0patch, confirmed the presence of the vulnerability shortly after SandboxEscaper’s tweet. 0patch then quickly released a free micropatch for the vulnerability and tweeted about it.

Vignesh Giridharan

Progressively identifies with the term 'legacy device' as time marches on.