A security researcher disclosed a new Windows zero-day on Twitter, the second time in two months. The researcher, known online by the nickname SandboxEscaper, also published a proof of concept (PoC) on GitHub.
This second Windows zero-day affects Microsoft Data Sharing (dssvc.dll), a local service that provides data management between applications.
According to many security experts who analyzed the PoC, an attacker can use the zero-day to elevate privileges on systems they already have access to.
The PoC, in particular, was coded to delete files that a user would normally need administrator privileges to delete. With the appropriate modifications, other actions can be taken, experts believe. The zero-day affects only the latest versions of the Windows operating system. This puts all versions of Windows 10, Server 2016 and the new Server 2019 at risk, according to several security experts who have confirmed the PoC.
According to Will Dormann of CERT/CC, this is because "the data sharing service (dssvc.dll) does not appear to exist in Windows 8.1 or earlier."
Today's zero-day is almost the same as the first one SandboxEscaper published on Twitter at the end of August. SandboxEscaper claims that the second security flaw is just as useful to attackers as the first. The researcher believes that malware developers can use it to delete files or DLLs and replace them with malicious versions.
Likewise, the company 0patch has released a fix to serve until Microsoft releases a formal one. The company currently appears to be working on a "micro-patch" for all affected versions of Windows.