New Windows Zero-Day Exploit Exposed Via Twitter Can Cripple Windows 10 PCs
The security researcher published a proof-of-concept on GitHub that demonstrates how it can affect a target system. In practice, this new flaw is similar to the one disclosed back in late August and exploits a Windows feature called impersonation to improperly gain access to elevated privileges.
https://t.co/1Of8EsOW8z Here's a low quality bug that is a pain to exploit.. still unpatched. I'm done with all this anyway. Probably going to get into problems because of being broke now.. but whatever.
— SandboxEscaper (@SandboxEscaper) October 23, 2018
In the case of the zero-day revealed in August, the Windows Task Scheduler was compromised to allow files to be overwritten. With this new exploit, however, the Data Sharing Service's (dssvc.dll) impersonation privileges have been hijacked so that an unprivileged user has the ability to delete any file on a system. The proof-of-concept available on GitHub will delete the Windows PCI driver. Once this happens, you'll be unable to boot your system, and you'll be forced to perform a System Restore in order to make your PC operational again.
According to SandboxEscaper, the new zero-day affects Windows 10, Windows Server 2016, and Windows Server 2019.
Btw, once @SandboxEscaper's deletebug.exe deletes pci.sys on the computer, you can no longer restart it so make sure you test on a virtual machine that you can revert to a state before you ran deletebug.exe. pic.twitter.com/bsQ2NNVnXS
— Mitja Kolsek (@mkolsek) October 23, 2018
ZDNet notes that nefarious parties were quick to implement SandboxEscaper's August exploit into their malware. It's possible that this follow-up could also be used for similar malware campaigns with much more disastrous results given its ability to delete critical system files.
For its part, Microsoft issued the following statement regarding this exploit: "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule."
Microsoft's quality control practices have come under fire recently due to a number of high-profile incidents involving its Windows 10 October 2018 Update. It was first rocked by a file deletion fiasco for users performing the upgrade, and more recently, a file overwriting issue was highlighted involving zip archives. Both of these issues were originally identified by Windows Insiders during the beta testing period for the October 2018 Update, but Microsoft never acted before pushing the major update to the public.