Windows 10 is hit by another zero-day security flaw

Another zero-day security hole in Windows 10 has been made public, by the same security researcher who highlighted a very similar vulnerability back in August.

SandboxEscaper tweeted about the bug (and released a proof of concept), noting that it was difficult to exploit, but still unpatched. The vulnerability affects all flavors of Windows 10 – including the latest October 2018 Update, for those who have installed it – along with Windows Server 2016 and 2019.

The problem leverages Microsoft’s Data Sharing Service (dssvc.dll), which facilitates data brokering between running applications.

As ZDNet reports, Will Dormann of CERT/CC noted that it apparently doesn’t affect Windows 8.1 or earlier incarnations of Microsoft’s desktop OS, simply because the aforementioned Data Sharing Service isn’t present in those versions of Windows.

Familiar flaw?

The zero-day vulnerability is described as close to identical to the flaw discovered by SandboxEscaper back in August, as mentioned, although the security researcher took pains to clarify that it certainly isn’t the same bug.

SandboxEscaper observed: “Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them… meaning you can delete application dll's and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them.”

In short, the exploit could potentially be used to elevate privileges on a system the attacker already has access to, and facilitate non-admins deleting any file on a computer because the Data Sharing Service isn’t correctly checking permissions (as security expert Kevin Beaumont made clear).

SandboxEscaper’s previous bug revelation employed some colorful language, and had a serious pop at Microsoft’s bug submission procedures, something which the security researcher apparently later regretted.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Windows
Printer
No, your printer isn't possessed: a Windows 11 23H2 bug could be making it print random characters when connected via USB
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes
Acer Aspire 14 AI laptop display showing the Windows 11 login screen
Shock, horror – I’m not going to argue with Microsoft’s latest bit of nagging in Windows 11, as this pop-up is justified
A laptop on a desk with the Windows 11 background on its screen.
Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
AOC Agon Pro AG276FK gaming monitor tilted slightly to the side, showing the Windows desktop screen
Windows 11 users get ready for more ‘recommendations’ from Microsoft – but I’m relieved to say these suggestions might actually be useful
Microsoft Store logo on a blurred background
There's finally a fix for an annoying Microsoft Store bug that's older than Windows 11
Latest in News
Stress
Complexity of IT systems could be increasing security risks for businesses
Warhammer 40,000: Space Marine 3
Warhammer 40,000: Space Marine 3 enters development as team promises to support Space Marine 2 'with exciting content and regular updates in the coming years'
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
CEOs think they might lose their jobs if they can't deliver on AI
Tony Hawk's Pro Skater 3+4
From Ace of Spades to Them Bones, Tony Hawk's Pro Skater 3+4's soundtrack is already looking excellent
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD describes its recent RDNA 4 GPU launch as 'unprecedented' and promises restocking the Radeon RX 9070 XT as 'priority number one'
An AMD Radeon RX 9070 XT vs RX 9070 against a red two-tone background
Well, AMD's Radeon RX 9070 series launch isn't going as smoothly as we thought - and it's because retailers have inflated prices