A security researcher has revealed a new Windows 0day on Twitter, for the second time in two months. The researcher, who goes by the moniker SandboxEscaper online, also posted the PoC on GitHub.
This second Windows 0day affects Microsoft Data Sharing (dssvc.dll), a local service that provides data management between applications.
According to several security experts who analyzed the PoC, an attacker can use the 0day to escalate privileges on systems to which they already have access.
The PoC, in particular, was coded to delete files for which a user would normally need administrative rights. With appropriate modifications, other actions can be performed, experts believe. The 0day only affects the latest versions of the Windows operating system: all versions of Windows 10, Server 2016 and the new Server 2019 are at risk, according to several security experts who confirmed the PoC.
According to Will Dormann of CERT/CC, this is because "the data sharing service (dssvc.dll) does not appear to exist in Windows 8.1 or earlier."
Today's 0day is almost the same as the first one published by SandboxEscaper on Twitter at the end of August. SandboxEscaper claims that the second security flaw is just as useful to attackers as the first. The researcher believes that malware developers can use it to delete files or DLLs and replace them with malicious versions.
The 0Patch company has likewise released a fix for use until Microsoft releases a formal one. The company appears to be currently working on a "micro-patch" for all affected versions of Windows.