New Windows Zero-Day Exploit Disclosed on Twitter by a Hacker
SandboxEscaper, a security researcher on Twitter who publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler two months ago, released another proof-of-concept exploit for a new Windows zero-day vulnerability yesterday.
SandboxEscaper posted a link to a GitHub page hosting a proof-of-concept exploit for the vulnerability, which appears to be a privilege escalation flaw residing in Microsoft Data Sharing (dssvc.dll).
The Data Sharing Service runs as the LocalSystem account, with extensive privileges, and brokers data between applications.
The flaw could allow a low-privileged attacker to elevate their privileges on a target system; however, the PoC exploit code (deletebug.exe) released by SandboxEscaper only allows a low-privileged user to delete critical system files, which would otherwise be possible only with admin-level privileges.
“Not the same bug I posted a while back, this doesn’t write garbage to files but actually deletes them.. meaning you can delete application dll’s and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them,” the researcher wrote.
Since the Microsoft Data Sharing service was introduced in Windows 10 and recent Windows Server editions, older versions of the Windows operating system, including 7 and 8.1, are not affected by this vulnerability.
The PoC exploit has been successfully tested against a “fully-patched Windows 10 system” with the most recent October 2018 security updates, as well as Server 2016 and Server 2019, but we do not recommend running the PoC, as it could crash your operating system.
This is the second time in under two months that SandboxEscaper has leaked a Windows zero-day vulnerability.
In late August, the researcher disclosed details and a PoC exploit for a local privilege escalation vulnerability in Microsoft Windows Task Scheduler, caused by errors in the handling of the Advanced Local Procedure Call (ALPC) service.
Not long after the PoC for the previous Windows zero-day flaw was released, the exploit was found being actively exploited in the wild, before Microsoft fixed the issue in the September 2018 Security Patch Updates.
SandboxEscaper’s irresponsible disclosure has again left all Windows users exposed to hackers until next month’s security Patch Tuesday, which is scheduled for the 13th of November, 2018.