HomeWinBuzzer NewsLatest Windows 10 Zero-Day Can Give Attackers Elevated System Privileges

Latest Windows 10 Zero-Day Can Give Attackers Elevated System Privileges

Another vulnerability has been found in Windows 10, potentially giving attackers the ability to elevate their privileges and make system changes.

-

Over this month, 's Windows platform has been plagued by problems. Starting with being paused, the OS has suffered various bugs. The latest is another discovered by the same security researcher who uncovered a previous vulnerability.

Researcher “SandboxEscaper” says the latest flaw affects the Microsoft Data Sharing (dssvc.dll). This is a Windows 10 service that manages data brokering for applications. A proof-of-concept (PoC) for the flaw has been published on GitHub.

Experts who have tested the PoC say the vulnerability gives attackers the ability to open more privileges on Windows 10 and access parts of the system. The code for the PoC also shows how bad actors could delete files which would usually need admin access to open.

Only Windows 10 seems to be affected by this flaw. This also includes the October 2018 Update, Microsoft's latest version of the OS.

https://twitter.com/SandboxEscaper/status/1054744201244692485

This is the second zero-day vulnerability disclosed by SandboxEscaper in recent months. In August, the researcher showcased a flaw that would write garbage data to Windows. This latest problem is more dangerous as it deletes files, that's why we advise against downloading the PoC. However, Sandbox does point out this vulnerability would be a “pain to exploit” for malware writers.

Windows XP Problem

In some ways, this latest zero-day is similar to a flaw found in the aging Windows XP platform last week.

The exploit gives hackers means to move admin accounts to their own machines. Attackers could transfer admin privileges to Guest accounts to access more of the system.

“Regardless of the version since XP, Windows uses the Security Account Manager (SAM) to store the security descriptors of local users and built-in accounts. As is mentioned in How Security Principals Work, every account has an assigned RID which identifies it. Different from domain controllers, Windows workstations and servers will store most part of this data in the HKLM\SAM\SAM\Domains\Account\Users key, which requires SYSTEM privileges to be accessed.”

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News