Microsoft zero-day exploit revealed on twitter

New Microsoft unpatched Zero-day bug exposed in online again along with proof-of-concept (PoC) by the same security researcher who has previously leaked another critical zero-day vulnerability on Twitter.

The unpatched flaw, referred as a Deletebug, allows a non-admin to delete any kind of file on a victim machine, including system data.

Darren Allan in TechRadar was one of a number of writers to cut to the quick. The vulnerability involved the Microsoft Data Sharing Service (dssvc.dll). This is a local service that runs as a LocalSystem account with extensive privileges and enables data to be brokered between applications.

SandboxEscaper previously exposed Windows Zero-day vulnerability exploit online that discovered in Microsoft Windows Task Scheduler.

The vulnerability affects flavours of Windows 10 that include the latest October 2018 Update, for those who have installed it – along with Windows Server 2016 and 2019, said TechRadar.

Also she said, “Not the same bug I posted a while back, this doesn’t write garbage to files but actually deletes them.. meaning you can delete application dll’s and hope they go look for them in user write-able locations. Or delete stuff used by system services c:windowstemp and hijack them.”

Catalin Cimpanu in ZDNet similarly said that, according to several security experts, the zero-day only affects recent versions of the Windows OS, such as Windows 10 (all versions, including the latest October 2018 Update), Server 2016, and even the new Server 2019.

According to SandboxEscaper, who released the PoC, the bug allows an adversary to delete application libraries (DLL files) – which means that the affected applications will then go look for their libraries elsewhere. If an application finds its way to a user-writeable location, it gives an attacker an opportunity to upload his or her own malicious library, resulting in machine compromise.

Earlier Windows versions that did not carry Data Sharing Service are not affected. That means it does not affect Windows 8.1 or earlier incarnations of Microsoft’s desktop OS, Allan wrote.

Leave a Reply