New Windows 0day on Twitter

A researcher has revealed a new Windows 0day on Twitter. It's the second time in a row within months. The researcher, who goes by the moniker SandboxEscaper online, also posted the PoC on GitHub.

This second Windows 0day affects Data Sharing (Microsoft Data Sharing, from dssvc.dll), a local service that provides data management between applications.

According to several security experts who analyzed the PoC, an attacker can use the 0day to escalate his privileges on systems where he already has access.

The PoC, in particular, was coded to delete files for which a user would normally need administrative rights. With appropriate modifications, other actions can be performed, experts believe. The 0day only affects the latest versions of the Windows operating system. So all versions of Windows 10 are at risk, as are Server 2016 and the new Server 2019, according to several security experts who confirmed the PoC.

According to Will Dormann of CERT/CC, this is because "the data sharing service (dssvc.dll) does not appear to exist in Windows 8.1 or earlier."

Today's 0day is almost the same as the first one published by SandboxEscaper on Twitter at the end of August. SandboxEscaper claims that the second security flaw is just as useful to attackers as the first. The researcher believes that malware developers can use it to delete files or DLLs and replace them with malicious versions.

The 0Patch company has likewise released a fix for use until Microsoft releases a formal fix. The company seems to be currently trying to create a "micro-patch" for all affected versions of Windows.

Written by giorgos