Zero-day vulnerability with file-deleting capability found in Windows 10

A security researcher unearthed a zero-day vulnerability in Microsoft Windows 10. And this one goes beyond altering system files – it actually deletes them.

A security researcher who goes by the name of SandboxEscaper discovered a new zero-day vulnerability in Windows 10. This is the second vulnerability discovered in a span of two months.

The newly discovered Windows exploit affects the data sharing service (dssvc.dll) – a feature facilitating data brokering between applications.

Security researchers like ‘Raptor’ added that the discovery could be useful for local privilege escalation via DLL hijacking.
The bug was coded to delete files that would normally require a user to have admin privileges.

The vulnerability affects Windows 10, including the latest October 2018 update, for those who have installed it – along with Windows Server 2016 and 2019, according to TechRadar.

The hacker, SandboxEscaper, also shared that the vulnerability is a low-quality one “that is a pain to exploit”. Security researcher Shaun Nichols, in a statement to the Register warned users to not touch it, unless they knew what they were doing.

The reason? It could crash a computer running Windows 10 and return it to recovery mode.

Seven hours after the zero-day in the Microsoft Data Sharing Service was brought to light, a micro-patch candidate was released that could successfully block the exploit by adding impersonation to the DeleteFileW call. The ‘delete’ operation now prompts an ‘Access Denied" due to impersonation.