Zero-day vulnerability in Windows allows overwriting any file

This is the fourth zero-day vulnerability in Windows revealed in December 2018

A cybersecurity researcher has revealed the code to exploit a critical zero-day vulnerability present in the Windows operating system, the fourth security flaw of this class disclosed during the last month of 2018. According to specialists from the International Institute of Cyber Security, this vulnerability would allow overwriting files with arbitrary data.

According to the researcher, known by the alias ‘SandboxEscaper’, executing her proof-of-concept code results in ‘pci.sys’ being overwritten with information about software and hardware problems, collected through Windows Error Reporting event-based feedback.

The cybersecurity specialist warns that her exploit works with some limitations, and on some systems may not produce the expected effect. As an example, the researcher commented that she was not able to exploit the vulnerability on a computer with a single-core CPU.

In addition, SandboxEscaper adds that the time for the bug to produce some effect may vary depending on the system, as some other operation might disrupt the process or break the result.

This is confirmed by Will Dormann, a cybersecurity analyst from CERT/CC, who was able to reproduce the vulnerability on Windows 10 Home Build 17134, adding that the file overwrite does not occur consistently.

On the other hand, Mitja Kolsek, director of a cybersecurity firm, says the exploit’s limited reliability is a minor drawback if a hacker is able to verify the success of the exploit.

Because the attack targets ‘pci.sys’, the proof of concept designed by SandboxEscaper could cause a denial-of-service condition on the machine of a user without administrator privileges: ‘pci.sys’ is a system component required to start the operating system correctly, as it enumerates physical device objects.

Still, Dormann comments that the exploit could be used against other files because ‘pci.sys’ was used simply as an example of a file that should not be able to be overwritten.

SandboxEscaper had announced that she would publish the proof of concept for a new bug in Windows at the beginning of 2019, although a few days later she moved ahead of this deadline and published the details of this zero-day vulnerability. The specialist posted via Twitter that she had already informed Microsoft about the issue, although the company has not made any statement about this vulnerability.

This is the second time that SandboxEscaper has published a proof of concept for a critical Windows zero-day vulnerability. A few weeks ago, the same specialist published code with which any user was able to read protected files on this system.
