Contact Contact Us

WEEKLY COMMENTS

A researcher by the Twitter handle SandboxEscaper has released another zero-day vulnerability on social media without first coordinating disclosure with the vendor. The Windows zero-day affects Microsoft Data Sharing (dssvc.dll), a local service that provides data brokering between applications. An attacker with normal user access can abuse the vulnerability to delete any files, which may allow privilege escalation. SandboxEscaper has posted a proof-of-concept on GitHub that deletes the critical system file, pci.sys, rendering the system unbootable. Alternatively, an attacker may be able to plant a malicious replacement file after the deletion so that malicious code can be executed the next time the file is needed. The zero-day affects Windows 10, Server 2016 and Server 2019. Microsoft is analysing the vulnerability and is expected to patch the flaw in November Patch Tuesday, scheduled for release on 13 Nov 2018.

References:
[1] Microsoft Windows Zero-day Disclosed on Twitter, Again

Ensign InfoSecurity Singapore
6 Commonwealth Lane
Singapore 149547

Tel: +65 6788 2882
Fax: +65 6788 3883