Security researcher has discovered a new zero-day vulnerability in Windows and also released proof-of-concept exploit code for that vulnerability
Security researcher has discovered a new zero-day vulnerability in Windows and also released proof-of-concept exploit code for that vulnerability.The new zero-day vulnerability was disclosed by security researcher using twitter handle @SandboxEscaper and has made all windows users to vulnerable to cyber attacks.Attackers could exploit the vulnerability to escalate privileges on a target system. The vulnerability allows deleting of any files without permission including system files“Not the same bug I posted a while back, this doesn’t write garbage to files but actually deletes them.. meaning you can delete application dll’s and hope they go look for them in user write-able locations. Or delete stuff used by system services c:windows emp and hijack them.” said SandboxEscaper. https://twitter.com/SandboxEscaper/status/1054747810187362304 The security researcher also shared a link to a Github page containing the proof-of-concept exploit code for the zero-day vulnerability.The vulnerability resides in the Microsoft Data Sharing Service which provides data brokering between applications.The vulnerability affects Windows 10 and Windows server versions of 2016 and 2019.Security analyst Will Dormann at CERT/CC has successfully tested proof-of-concept exploit code on the latest version of Windows 10 updated with latest patches.The disclosure of the vulnerability and PoC has made all windows user vulnerable to attack. Users have to wait until the next security update by windows which is scheduled on November 13, 2018 For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin and Twitter.
You may be interested in reading:Critical Flaw in Branch.io Affects Around 685 Million Users