The second instance of Windows zero-day vulnerability disclosed in less than two months

Two months ago, a security researcher who goes by the name SandboxEscaper disclosed a local privilege escalation exploit in Windows. The researcher is back with another Windows zero-day vulnerability, which was disclosed on Twitter yesterday. A Proof-of-Concept (PoC) for this vulnerability was also published on GitHub.

Many security experts analyzed the PoC and stated that this zero-day vulnerability only affects recent versions of the Windows OS, such as Windows 10 (all versions, including the latest October 2018 Update), Server 2016, and even the new Server 2019. An attacker can use it to elevate their privileges on systems they already have access to.

Will Dormann, software vulnerability analyst at CERT/CC, says, “this is because the Data Sharing Service (dssvc.dll) does not seem to be present on Windows 8.1 and earlier systems.”

According to ZDNet, experts who analyzed the PoC say, “The PoC, in particular, was coded to delete files for which a user would normally need admin privileges to do so. With the appropriate modifications, other actions can be taken.”

The second zero-day Windows exploit

This zero-day exploit is quite identical to the previous exploit released by SandboxEscaper in August, said Kevin Beaumont, an infosec geek at Vault-Tec. “It allows non-admins to delete any file by abusing a new Windows service not checking permissions again,” he added. Microsoft released a security patch for the previous vulnerability during the September 2018 Patch Tuesday updates.

Whereas SandboxEscaper’s PoC for the previous exploit “wrote garbage data to a Windows PC, the PoC for the second zero-day will delete crucial Windows files, crashing the operating system, and forcing users through a system restore process”. Hence, Mitja Kolsek, CEO of ACROS Security, advised users to avoid running this recent PoC.

Kolsek’s company released an update for their product (called 0Patch) that would block any exploitation attempts until Microsoft releases an official fix. Kolsek and his team are currently working on porting their ‘micro-patch’ to all affected Windows versions.

According to ZDNet, malware authors integrated SandboxEscaper’s first zero-day inside different malware distribution campaigns. Experts believe that malware authors can use the zero-day to delete OS files or DLLs and replace them with malicious versions. SandboxEscaper argues that this second zero-day can be just as useful for attackers as the first.

For more details on this news, head over to ZDNet’s website.

Savia Lobo