A security researcher has disclosed a new Windows 0day on Twitter, the second time in two months. The researcher, who goes by the moniker SandboxEscaper online, also posted the PoC on GitHub.
This second Windows 0day affects Data Sharing (Microsoft Data Sharing, implemented in dssvc.dll), a local service that provides data management between applications.
According to several security experts who analyzed the PoC, an attacker can use the 0day to escalate privileges on systems to which they already have access.
The PoC, in particular, was coded to delete files that a user would normally need admin rights to delete. With appropriate modifications, other actions can be performed, experts believe. The 0day only affects the latest versions of the Windows operating system, so all versions of Windows 10, Server 2016 and the new Server 2019 are at risk, according to several security experts who confirmed the PoC.
According to Will Dormann of CERT/CC, this is because "the data sharing service (dssvc.dll) does not appear to exist in Windows 8.1 or earlier."
Today's 0day is almost exactly the same as the one SandboxEscaper posted on Twitter at the end of August. SandboxEscaper claims that the second security flaw is just as useful for attackers as the first. The researcher believes that malware developers can use it to delete files or DLLs and replace them with malicious versions.
As with the first 0day, the 0Patch company has released a fix for use until Microsoft releases a formal fix. The company seems to be currently trying to create a "micro-patch" for all affected versions of Windows.