Another Windows zero-day vulnerability gets disclosed on Twitter

Microsoft is not having a great time with security on Windows as another vulnerability has been discovered. The new vulnerability affects all recently Windows versions including Windows 10 and was discovered by a security researcher who shared it on Twitter.

https://twitter.com/SandboxEscaper/status/1054744201244692485

The researcher who goes by the username “SandboxEscaper” also shared the Proof of Concept on GitHub demonstrating the vulnerability. According to the researcher, the Windows zero-day affects the Microsoft Data Sharing (dssvc.dll), a local service that provides data brokering between applications. The vulnerability affects  Windows OS including Windows 10 (including the latest October 2018 Update), Server 2016, and even the new Server 2019.

7 hours after the 0day in Microsoft Data Sharing Service was dropped, we have a micropatch candidate that successfully blocks the exploit by adding impersonation to the DeleteFileW call. As you can see, the Delete operation now gets an "ACCESS DENIED" due to impersonation. pic.twitter.com/qoQgMqtTas

— 0patch (@0patch) October 23, 2018

Mitja Kolsek, co-founder and CEO of ACROS Security has warned users not to run the PoC as it will delete the Windows files and force the users to run System Restore to fix it. While Microsoft is still working on a fix 0patch released a micropatch to block any exploitation attempts until Microsoft releases an official fix.

Via: ZDNet