Jump to content

Windows 10 is hit by another zero-day security flaw

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted

Another zero-day security hole in Windows 10 has been made public, by the same security researcher who highlighted a very similar vulnerability back in August.

SandboxEscaper tweeted about the bug (and released a proof of concept), noting that it was difficult to exploit, but still unpatched. The vulnerability affects all flavors of Windows 10 – including the latest October 2018 Update, for those who have installed it – along with Windows Server 2016 and 2019.

The problem leverages Microsoft’s Data Sharing Service (dssvc.dll), which facilitates data brokering between running applications.

As ZDNet reports, Will Dormann of CERT/CC noted that it apparently doesn’t affect Windows 8.1 or earlier incarnations of Microsoft’s desktop OS, simply because the aforementioned Data Sharing Service isn’t present in those versions of Windows.

Familiar flaw?

The zero-day vulnerability is described as close to identical to the flaw discovered by SandboxEscaper back in August, as mentioned, although the security researcher took pains to clarify that it certainly isn’t the same bug.

SandboxEscaper observed: “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them… meaning you can delete application dll's and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”

In short, the exploit could potentially be used to elevate privileges on a system the attacker already has access to, and facilitate non-admins deleting any file on a computer because the Data Sharing Service isn’t correctly checking permissions (as security expert Kevin Beaumont made clear).

SandboxEscaper’s previous bug revelation employed some colorful language, and had a serious pop at Microsoft’s bug submission procedures, something which the security researcher apparently later regretted.

dUjxvN5flKo

View the full article

Link to comment
Share on other sites
  • Leader
RedBaird Grand Master

RedBaird

Posted
  • Leader
Posted (edited)
5 hours ago, sincity said:

SandboxEscaper’s previous bug revelation employed some colorful language,

tweet was deleted 

from account https://twitter.com/SandboxEscaper/

 

... sadly, many of his tweets sound like he suffers from depression, or manic-D ...

 

Quote
SandboxEscaper @SandboxEscaper 20h20 hours ago
MoreI don't want these moodswings anymore :( I just want to be a happy person.

 

found also

 

Quote

Someone once called me a bipolar bear in a DM, which I thought was really funny. I like polar bears.

 

Edited by RedBaird
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept