A security researcher who goes by the name of SandboxEscaper on Twitter recently shared their discovery of a new zero-day vulnerability in Microsoft Windows—one that’s capable of letting an exploit delete system files. The vulnerability affects all recent versions of Windows 10, including the most recent October 2018 Update. In the tweet, SandboxEscaper shared proof-of-concept code on GitHub to demonstrate the hole in the popular operating system.
This is the second vulnerability discovered by the researcher in a span of two months. Explaining the story around the new vulnerability, SandboxEscaper wrote in a separate tweet, “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them.. meaning you can delete application dll's [sic] and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”
https://t.co/1Of8EsOW8z Here's a low quality bug that is a pain to exploit.. still unpatched. I'm done with all this anyway. Probably going to get into problems because of being broke now.. but whatever. — SandboxEscaper (@SandboxEscaper) 23 October 2018
According to the researcher, the vulnerability affects the Microsoft Data Sharing service (dssvc.dll), which is a local service for data exchange between applications. When the vulnerability is exploited, the attacker can gain admin permissions to compromise protected data on the computer. They can then delete system DLLs or replace them with malicious ones.
As mentioned in SandboxEscaper’s tweet, the vulnerability is a low-quality one “that is a pain to exploit” and has so far been left unpatched by Microsoft. Mitja Kolsek, the CEO of ACROS Security and the co-founder of 0patch, confirmed the presence of the vulnerability shortly after SandboxEscaper’s tweet. 0patch then quickly released a micropatch for the vulnerability free of cost and tweeted about it.