A new zero-day Windows vulnerability has been disclosed via the Twitter social network. According to the information released by the security researcher, the problem lies within the Microsoft Data Sharing service, which is used to allow data sharing between applications.
Windows Zero-day Vulnerability Caused by the Microsoft Data Sharing Service
A security researcher has disclosed a previously unknown Windows zero-day vulnerability. Information about it was posted on Twitter, and according to it a security flaw affects the Microsoft Data Sharing service. This is an important part of the operating system as it allows data sharing between applications. An in-depth look at the issue shows that hackers can use it to gain elevated privileges when running malicious code. The proof-of-concept code posted was devised to remove files whose deletion normally requires elevated privileges; these are usually system files or protected data.
https://t.co/1Of8EsOW8z Here's a low quality bug that is a pain to exploit.. still unpatched. I'm done with all this anyway. Probably going to get into problems because of being broke now.. but whatever.
— SandboxEscaper (@SandboxEscaper) October 23, 2018
When modified, the code can allow other actions to be executed: file manipulation, access to system settings and command execution. All contemporary versions of Microsoft Windows are affected: Windows 10 (even the October 2018 Update is vulnerable), Server 2016 and Server 2019. Earlier versions are not affected because this component is not available in them.
Abuse of this Windows zero-day vulnerability can lead to system sabotage. A direct consequence is that any non-admin user executing the required command or script can delete any file. When system data is affected, this will crash the operating system and force users to go through the system restore procedure.
Seven hours after the Windows zero-day was released, a micropatch candidate was announced. It will block the exploit by adding impersonation to the relevant file deletion operation. Before being released to the public, it will need to be tested for reliability and side effects. Microsoft has not yet commented on the issue or released a patch that fixes the problem. It is expected that a fix will be released soon for all affected machines.