NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout

    India
    Business
    World
    Politics
    Sports
    Technology
    Entertainment
    Auto
    Lifestyle
    Inspirational
    Career
    Bengaluru
    Delhi
    Mumbai

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
    Home / News / Technology News / Windows Zero-day vulnerability capable of deleting files uncovered
    Next Article
    Windows Zero-day vulnerability capable of deleting files uncovered

    Windows Zero-day vulnerability capable of deleting files uncovered

    By Shubham Sharma
    Oct 25, 2018
    09:28 pm

    What's the story

    A new zero-day vulnerability that can be exploited to delete Windows system files has been uncovered by a security researcher.

    The researcher, who goes by the name SandboxEscaper, uncovered the bug on Twitter by presenting a proof-of-concept code.

    It affects all recent versions of Windows 10, including the latest October 2018 Update, and still remains unpatched.

    Here are more details.

    The problem

    The bug can be exploited to delete Windows system files

    The bug, second zero-day vulnerability to be discovered by the researcher, affects Microsoft Data Sharing service (dssvc.dll) - a local service for data brokering between applications.

    When exploited, it can lead to privilege escalation, where the attacker can gain admin rights to compromise protected resources on the system.

    Then, they can delete system DLLs, provide malicious ones to compromise programs, or take other actions.

    Information

    Only select Windows machines affected

    The bug affects all Windows 10 versions as well as Windows Server 2016 and 2019. Windows 8.1 and other previous versions aren't at risk because they don't seem to have the Data Sharing Service (dssvc.dll) in question here.

    Exploitation

    However, it is a 'pain' to exploit

    Though the bug poses a risk to Windows security, SandboxEscaper has called it low quality and a plain to exploit.

    It is also worth noting that security experts claim the new vulnerability is quite similar to the one flagged in late August.

    However, unlike the previous one, the latest vulnerability (code on GitHub) doesn't write garbage files but actually deletes them and crashes Windows.

    Solutions

    How to stay protected?

    Though bugs like these are difficult to exploit, ACROS Security has released a micro-patch through its OPatch platform to block exploitation attempts until Microsoft issues an official fix.

    Microsoft's fix for the last vulnerability came in September and we can expect something similar in the coming weeks.

    "Our standard policy is to provide solutions via our current Update Tuesday schedule," the company told ZDNet.

    Twitter Post

    Patch to block the vulnerability

    7 hours after the 0day in Microsoft Data Sharing Service was dropped, we have a micropatch candidate that successfully blocks the exploit by adding impersonation to the DeleteFileW call. As you can see, the Delete operation now gets an "ACCESS DENIED" due to impersonation. pic.twitter.com/qoQgMqtTas

    — 0patch (@0patch) October 23, 2018
    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    Latest
    Microsoft
    Microsoft Windows
    Windows 10

    Latest

    Sonakshi calls out Indian news channels for sensationalizing India-Pakistan conflict  Social Media
    New pope seemingly reshared posts critical of Trump, Vance Pope Francis
    Who is the Indian-American judge overseeing Diddy's trafficking case? Hollywood
    Centre activates 14 Infantry Battalions of Territorial Army till 2028  Indian Army

    Microsoft

    Microsoft Ventures to fund Indian tech start-ups India
    Everything you should know about the big Windows 10 update Cortana
    India's Aadhaar doesn't pose any privacy issue: Bill Gates India
    Technology can help India leapfrog into inclusive growth: Bill Gates India

    Microsoft Windows

    Microsoft finally solves its bug problem, nine months after discovery Microsoft
    S.Korean firm pays $1m ransom to hackers, founder turns bankrupt South Korea
    Microsoft confirms the date for next major Windows 10 upgrade Microsoft
    Microsoft wants you to use Edge-browser, nevermind what you want Microsoft

    Windows 10

    WannaCry ransomware shuts down Bengaluru's ATMs Microsoft
    Ransomware attack: Gurgaon's Blackberrys falls prey, hackers demand bitcoins BlackBerry
    The Amazon Prime Day Sale begins Amazon
    Microsoft calls it a day for Windows 10 Mobile Microsoft
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2025