WINDOWS ZERO-DAY BY SANDBOXESCAPER

Sandboxescaper has shown an new flaw in Windows that make all users vulnerable. Till now Microsoft has not address this issue to the windows users or has make any security patches for this vulnerability.

 

This flaw can be used to exploit by a hacker to compromise the vulnerable system. The researchers shared that this exploit could delete critical system files. This flaw is exposed on Wednesday is an elevation of advantage zero-day vulnerability (dssvc.dll). This is service which runs in the LocalSystem account with comprehensive advantages that enable data to be broke between the applications. Security experts has found that this service only affects Windows 10 and the recent versions of Windows Server edition This flaw will not affect the older versions of Microsoft Operating Systems because in older version Microsoft didn’t implement Microsoft Data Sharing Service.

According to researcher who has released this exploit. This exploit allows a hacker to delete DLLs (Dynamic Link Libraries) of the applications- which means that the affected programs will then go look these libraries elsewhere. If the application find its own way to victim writeable location it gives a hacker a privilege to upload own infected malicious libraries in victim’s machine. Experts are afraid that this release could help hackers in exploiting this in the wild.

BUG DESCRITION:-

RpcDSSMoveFromSharedFile(handle,L"token",L"c:\SOMEPATH\p
ci.sys");

This function exposed over ALPC (Advance Local Procedure Call Events), has an arbitrary delete vulnerability.

Beating the timing was pretty annoying. But this flaw will keep running until c:windowssystem32driverspci.sys is deleted.

It’s impossible to beat the timing on single core VM machine. It was triggered using 4 cores on VM machine.

The thread to execute using different security information that process which owns the thread. It is just a delete for the root cause because of an early revert to self.

 

You may also like...