Home » News » General » New file-deleting Windows zero-day vulnerability unearthed

New file-deleting Windows zero-day vulnerability unearthed

By Vignesh Giridharan | Updated on 04-Jun-2020
New file-deleting Windows zero-day vulnerability unearthed
Vignesh Giridharan Vignesh Giridharan
04-Jun-2020
HIGHLIGHTS

Security SandboxEscaper has found a Windows vulnerability that is capable of letting exploits delete system DLLs.

A security researcher who goes by the name of SandboxEscaper on Twitter recently shared their discovery of a new zero-day vulnerability in Microsoft Windows—one that’s capable of letting an exploit delete system files. The vulnerability affects all recent version of Windows 10 including the most recent October 2018 Update. In the tweet, SandboxEscaper presented a proof-of-concept code on GitHub to demonstrate the hole in the popular operating system.

This is the second vulnerability discovered by the researcher in a span of two months. Explaining the story around the new vulnerability, SandboxEscaper wrote in a separate tweet, “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them.. meaning you can delete application dll's [sic] and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”

 

 

According to the researcher, the vulnerability affects the Microsoft Data Sharing service (dssvc.dll), which is a local service for data exchange between applications. When the vulnerability is exploited, the attacker can gain admin permissions to compromise protected data on the computer. They can then delete system DLLs or replace them with malicious ones. 

As mentioned in SandboxEscaper’s tweet, the vulnerability is a low-quality one “that is a pain to exploit” and is hitherto left unpatched by Microsoft. Mitja Kolsek, the CEO of ACROS Security and the co-founder of 0patch confirmed the presence of the vulnerability shortly after SandboxEscaper’s tweet. 0patch then quickly released a micropatch for the vulnerability free of cost and tweeted about it.

Vignesh Giridharan

Vignesh Giridharan

Progressively identifies more with the term ‘legacy device’ as time marches on. View Full Profile

New Mobiles
iQOO Z9s 5GTecno Pova 6 NeoHonor 200 Literealme NARZO 70 Turbo 5G
Top-10s
Best OnePlus Mobile Phones in IndiaBest Motorola Smartphones in IndiaBest Gaming Phones under ₹10,000 in IndiaBest Quad Camera Mobile Phones in India
Latest News
Amazon Great Indian Festival 2024: Sale date, offers and more revealedBest Xiaomi smartphones under ₹15,000: September 2024Intel India Leaders on the AI PC Revolution: “The Tipping Point Is Now”Did Earth ever have rings like Saturn? Study links asteroid breakup to climate change
Digit

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

Follow us : logo logo logo logo logo logo
Company About Us Contact Us Advertise with us Regulatory Terms & Conditions Privacy Policy Disclaimer Complaint Redressal
Copyright © 2024 Bennett, Coleman & Company Limited All Rights Reserved.
Digit.in
Logo
Digit.in
Logo