Tech giant Microsoft is in trouble once more. The company has been a target for the past few weeks, and October is proving to be a bad month for it. First it faced a lot of criticism over bugs in the new Windows 10 updates. That was not all: the RID hijacking vulnerability made things worse for Microsoft. And now a new zero-day vulnerability has hit the tech giant.
This vulnerability was discovered by the researcher @SandboxEscaper. It can be exploited to delete files without any permission, and it affects all Windows 10 versions. The zero-day can be used to exploit system data, and it can also lead to privilege escalation. The PoC code for the new Windows zero-day has been released and is available on SandboxEscaper’s GitHub.
Zero-Day Vulnerability Details
The vulnerability could be used to delete application DLLs, which forces the affected programs to look for the missing libraries in other places. If the search reaches a location that grants write permission to the local user, the attacker could take advantage by providing a malicious DLL.
The problem is in the Microsoft Data Sharing Service, which is present in the Windows 10, Server 2016 and Server 2019 operating systems. The service provides data brokering between applications.
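For defenders, the exposure described above depends on library search locations that ordinary users can write to. The following PowerShell audit is an added example, not code from this article or from the researcher's PoC. It assumes that the PATH directories are the search locations of interest and that the four well-known groups listed stand in for "the local user"; the function name is hypothetical.

```powershell
# Added example: report PATH directories where a broad, non-admin group may
# create files. PATH directories are consulted late in the Windows DLL search
# order, so a missing DLL can end up being resolved from one of them.

# Well-known SIDs treated as "the local user" (an assumption of this audit).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# CreateFiles/WriteData (0x2) plus the GENERIC_WRITE and GENERIC_ALL bits,
# which some ACEs carry instead of specific file rights.
$createMask = 0x2 -bor 0x40000000 -bor 0x10000000

function Get-WritablePathDirectory {   # hypothetical helper name
    param([string[]]$Directory = ($env:Path -split ';'))

    foreach ($dir in ($Directory | Where-Object { $_ } | Sort-Object -Unique)) {
        $dir = [Environment]::ExpandEnvironmentVariables($dir)
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop } catch { continue }

        # Ask for SIDs rather than account names so the check works on
        # localized Windows installations.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not $broadSids.ContainsKey($sid)) { continue }
            # Inherit-only ACEs apply to children, not to the directory itself.
            if ($ace.PropagationFlags -band
                [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }

            if (([int]$ace.FileSystemRights -band $createMask) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $broadSids[$sid]
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

Get-WritablePathDirectory | Format-Table -AutoSize
```

Any directory it reports is a candidate for tightening its ACL or removing it from PATH. The check looks only at Allow entries for those groups and does not evaluate Deny entries or other principals.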
Although the bug may seem serious, the researcher himself says it is “low quality and a pain to exploit”. In a text file describing the bug, SandboxEscaper says that an attacker could trigger DLL hijacking in third-party software, or “delete temp files used by a system service in C:/windows/temp and hijack them and hopefully do some evil stuff.” Security researcher Kevin Beaumont labels the bug a “cool find” that he thinks would be difficult to take advantage of “in a meaningful way.”
Here I must mention another vulnerability report about Microsoft Windows. It is a RID Hijacking vulnerability that was reported some months ago. A security researcher named Sebastián Castro uncovered a way of gaining admin rights and boot persistence on Windows PCs that is not only simple to execute but hard to stop as well.