Microsoft has yet another security issue on its hands: security researcher SandboxEscaper has publicly disclosed a zero-day vulnerability that affects Windows users. The proof of concept is available to everyone via GitHub, and other security experts have taken the opportunity to analyze it, revealing that attackers can use the exploit to elevate their privileges on already compromised systems.
The proof of concept affects the Windows 10, Server 2016, and Server 2019 variants of Microsoft’s OS. Older versions of Windows are not affected because Windows 8.1 and earlier versions do not include the Data Sharing Service, the affected component. The service brokers data between multiple applications on the OS, and the vulnerability allows non-admin users to delete any file on the system because Windows does not check for permissions.
https://twitter.com/SandboxEscaper/status/1054744201244692485
The co-founder and CEO of ACROS Security has advised against running the proof of concept on Microsoft’s OS, as it can delete crucial Windows files, which will force users to go through a system restore to regain proper functionality. The first zero-day vulnerability posted by SandboxEscaper wrote garbage data on Windows PCs and was much safer to test. If you want to test the exploit, it is recommended to use a virtual machine to prevent any risk to your primary system.
Malware authors have already started integrating the zero-day exploit into malware distribution campaigns. Microsoft patched the first zero-day vulnerability in September, while the new vulnerability was patched via a “micro-patch” just 7 hours after it was announced. Microsoft has not released an official statement about the patch or the exploit. Users attempting to use the exploit will now get an “ACCESS DENIED” notification.