Windows 10 is hit by another zero-day security flaw

Another zero-day security hole in Windows 10 has been made public by the same security researcher who highlighted a very similar vulnerability back in August.

SandboxEscaper tweeted about the bug (and released a proof of concept), noting that it was difficult to exploit, but still unpatched. The vulnerability affects all flavors of Windows 10 – including the latest October 2018 Update, for those who have installed it – along with Windows Server 2016 and 2019.

The flaw lies in Microsoft’s Data Sharing Service (dssvc.dll), which facilitates data brokering between running applications.

As ZDNet reports, Will Dormann of CERT/CC noted that it apparently doesn’t affect Windows 8.1 or earlier incarnations of Microsoft’s desktop OS, simply because the aforementioned Data Sharing Service isn’t present in those versions of Windows.

Familiar flaw?

The zero-day vulnerability is described as close to identical to the flaw discovered by SandboxEscaper back in August, although the security researcher took pains to clarify that it certainly isn’t the same bug.

SandboxEscaper observed: “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them… meaning you can delete application dll's and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”

In short, the exploit could potentially be used to elevate privileges on a system the attacker already has access to, and to let non-admin users delete any file on a computer, because the Data Sharing Service isn’t correctly checking permissions (as security expert Kevin Beaumont made clear).

SandboxEscaper’s previous bug revelation employed some colorful language, and had a serious pop at Microsoft’s bug submission procedures, something which the security researcher apparently later regretted.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
