Windows Zero-day vulnerability capable of deleting files uncovered
A new zero-day vulnerability that can be exploited to delete Windows system files has been uncovered by a security researcher. The researcher, who goes by the name SandboxEscaper, disclosed the bug on Twitter by publishing proof-of-concept code. It affects all recent versions of Windows 10, including the latest October 2018 Update, and remains unpatched. Here are more details.
The bug can be exploited to delete Windows system files
The bug, the second zero-day vulnerability to be disclosed by the researcher, affects the Microsoft Data Sharing Service (dssvc.dll), a local service for data brokering between applications. When exploited, it can lead to privilege escalation, where the attacker gains admin rights and can compromise protected resources on the system. They can then delete system DLLs, supply malicious ones to compromise programs, or take other actions.
Only select Windows machines affected
The bug affects all Windows 10 versions as well as Windows Server 2016 and 2019. Windows 8.1 and earlier versions aren't at risk because they don't seem to have the Data Sharing Service (dssvc.dll) in question.
However, it is a 'pain' to exploit
Though the bug poses a risk to Windows security, SandboxEscaper has called it low quality and a pain to exploit. It is also worth noting that security experts claim the new vulnerability is quite similar to the one flagged in late August. However, unlike the previous one, the latest vulnerability (code on GitHub) doesn't write garbage files but actually deletes files and crashes Windows.
How to stay protected?
Though bugs like these are difficult to exploit, ACROS Security has released a micro-patch through its 0patch platform to block exploitation attempts until Microsoft issues an official fix. Microsoft's fix for the last vulnerability came in September, and we can expect something similar in the coming weeks. "Our standard policy is to provide solutions via our current Update Tuesday schedule," the company told ZDNet.