Microsoft is alread already having a lot on its plate for these past few days. And it appears October couldn’t get any worse for the company. A new zero-day vulnerability discovered by a researcher @SandboxEscaper can be exploited to delete files without any permission.
As Bleeping Computer notes, the vulnerability, which affects all the Windows 10 versions, can be used to exploit system data, and it can also lead to privilege escalation (an exploitation technique to gain access to protected resources on the computer).
According to the SandboxEscaper, the problem pertains the Microsoft Data Sharing Service which provides data brokering between applications. In the tweet, the research shared a GitHub link as a proof-of-concept.
https://t.co/1Of8EsOW8z Here’s a low quality bug that is a pain to exploit.. still unpatched. I’m done with all this anyway. Probably going to get into problems because of being broke now.. but whatever.
— SandboxEscaper (@SandboxEscaper) October 23, 2018
The zero-day vulnerability can be used to delete application DLLs, thus forcing the programs to look for the missing libraries in other places. Once the search reaches a location that grants write permission to the local user, the attacker could take advantage by providing a malicious DLL.
Although the bug may seem a serious issue, the researcher himself says the bug is “low quality and a pain to exploit.”. While we are still waiting for Microsoft to address the issue, 0patch has released a temporary micropatch to block the vulnerability until Microsft does something about it.
7 hours after the 0day in Microsoft Data Sharing Service was dropped, we have a micropatch candidate that successfully blocks the exploit by adding impersonation to the DeleteFileW call. As you can see, the Delete operation now gets an “ACCESS DENIED” due to impersonation. pic.twitter.com/qoQgMqtTas
— 0patch (@0patch) October 23, 2018