Connect with us

Vulnerability

New Windows Zero-Day Exploit on Twitter Disclosed by a Hacker

Malware Vulnerability

Prometei Botnet Infects Systems with Latest Version, Warns Cybersecurity Experts

Vulnerability

Critical Vulnerability Discovered in FortiOS and Palo Alto Networks Firewalls

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Hacker News Vulnerability

Backdoors to the Home

Hacker News Vulnerability

Zyxel, the Dangers of Hard-coding Credentials

Hacker News Vulnerability

Instagram: User Accounts And Phone Numbers Exposed

Malware Vulnerability

Notepad, New Attack Vector?

Hacker News Vulnerability

WPA3 Still Rough on the Edges

Vulnerability

New Windows Zero-Day Exploit on Twitter Disclosed by a Hacker

Published

5 years ago

on

New Windows Zero-Day Exploit on Twitter Disclosed by a Hacker

New Windows Zero-Day Exploit on Twitter Disclosed by a Hacker

Two months ago, a twitter security analyst/researcher known as SandboxEscaper who dropped a zero-day exploit for Microsoft Windows Task Scheduler publicly just dropped another proof-of-concept exploit for a new Windows zero-day vulnerability yesterday.

 

A link posted to a Github page by SandboxEscaper facilitating a proof-of-concept exploit for the vulnerability that gives off an impression to be a beneficial escalation flaw dwelling in Microsoft Data Sharing (dsssvc.dll).

 

With extensive privileges this Data Sharing Service is running as LocalSystem account and gives information brokering between applications.

 

A low-privileged attacker could be permitted by this flaw to raise their privileges on a target system, however the PoC exploit code (deletebug.exe) by SandboxEscaper permits only a low-privileged user to delete critical system files-that generally would be possible only by means of admin level privileges.

Not the same bug I posted a while back, this doesn’t write garbage to files but actually deletes them.. meaning you can delete application dll’s and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them,

the researcher wrote.

Since the introduction of the Microsoft Data Sharing service in Windows 10 and present edition of Windows server editions, older editions of Windows operating systems including 7 or 8.1 are not affected by this vulnerability.

 

The PoC exploit has effectively been tested against “fully-patched Windows 10 system” with the most recent october 2018 security updates, Server 2016 and Server 2019, yet we do not prescribe you to run the PoC, as it may get your operating system crashed.

 

SandboxEscaper has leaked a Windows zero-day vulnerability twice under two months.

 

The analyst uncovered details and PoC exploit for a local privilege escalation vulnerability in Microsoft Windows Task Scheduler occurred as a result of errors in the handling of the Advanced Local Procedure Call (ALPC) service in late august.

 

Not long after the PoC released for the past Windows zero-day flaw, the exploit was found passively been exploited in the wild, before Microsoft fixed to the issue in the September 2018 Security Patch Updates.

 

SandboxEscaper’s irresponsible revelations again left all Windows users defenseless against the hackers until the following month’s security Patch Tuesday which is arranged for the 13th of November, 2018.

Related Topics:

Technology Enthusiast with a keen eye on the Cyberspace, Entrepreneur, Ethical Hacker

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *