Another Windows zero-day vulnerability gets disclosed on Twitter

Microsoft is not having a great time with security on Windows as another vulnerability has been discovered. The new vulnerability affects all recently Windows versions including Windows 10 and was discovered by a security researcher who shared it on Twitter.

The researcher who goes by the username “SandboxEscaper” also shared the Proof of Concept on GitHub demonstrating the vulnerability. According to the researcher, the Windows zero-day affects the Microsoft Data Sharing (dssvc.dll), a local service that provides data brokering between applications. The vulnerability affects  Windows OS including Windows 10 (including the latest October 2018 Update), Server 2016, and even the new Server 2019.

Mitja Kolsek, co-founder and CEO of ACROS Security has warned users not to run the PoC as it will delete the Windows files and force the users to run System Restore to fix it. While Microsoft is still working on a fix 0patch released a micropatch to block any exploitation attempts until Microsoft releases an official fix.

Via: ZDNet