Slashdot Mirror


New Windows Zero-Day Bug Helps Delete Any File, Exploit Available (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. The code exploits a vulnerability that allows deleting without permission any files on a machine, including system data, and it has the potential to lead to privilege escalation. The vulnerability could be used to delete application DLLs, thus forcing the programs to look for the missing libraries in other places. If the search reaches a location that grants write permission to the local user, the attacker could take advantage by providing a malicious DLL.

The problem is with Microsoft Data Sharing Service, present in Windows 10, Server 2016 and 2019 operating systems, which provides data brokering between applications. Will Dormann, a vulnerability analyst at CERT/CC, tested the exploit code successfully on a Windows 10 operating system running the latest security updates. Behind the discovery is a researcher using the online alias SandboxEscaper, also responsible for publicly sharing in late August another security bug in Windows Task Scheduler component.

Microsoft hasn't addressed the issue, but there is a temporary fix available through the oPatch platform. "A micropatch candidate was ready seven hours after the zero-day vulnerability announcement, and it blocked the exploit successfully," reports Bleeping Computer. "oPatch now delivers the stable version of the micropatch for fully updated Windows 10 1803."
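
The escalation path in the summary depends on a DLL search reaching a directory that ordinary users can write to, and that condition can be audited on a host. The following PowerShell is an added example, not part of the Bleeping Computer report or the Slashdot post. The function name Get-UserWritablePathDir is hypothetical, and the script assumes that checking the machine-wide PATH (one of the places the Windows loader searches for a DLL) against four well-known group SIDs is sufficient for a first pass.

```powershell
# Added example (not from the report): list machine-wide PATH directories in
# which broad, non-administrative groups are allowed to create files.

# Well-known SIDs of groups that include ordinary local users.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-UserWritablePathDir {   # hypothetical name
    param(
        # Defaults to the machine-wide PATH; pass other directories to audit them.
        [string[]]$Directory = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
    )

    $createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]

    foreach ($entry in ($Directory | Where-Object { $_ } | Select-Object -Unique)) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim())

        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # Stale PATH entry: report it so it can be removed.
            [pscustomobject]@{ Directory = $dir; Principal = $null; Rights = 'directory missing' }
            continue
        }

        $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # ACL not readable by the auditing account

        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            if (-not $LowPrivSids.ContainsKey($sid)) { continue }
            # Deny rules are ignored, so the result may over-report, never under-report.
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to the directory itself.
            if (($rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            # CreateFiles is the right needed to place a new file in a directory;
            # Write, Modify and FullControl all include it. Entries that store raw
            # generic rights are not decoded here.
            if (($rule.FileSystemRights -band $createFiles) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $LowPrivSids[$sid]
                    Rights    = $rule.FileSystemRights.ToString()
                }
            }
        }
    }
}

Get-UserWritablePathDir | Format-Table -AutoSize
```

An empty result means none of the four groups can create files in any machine PATH directory. Per-user PATH entries and individual application directories are not covered and would need to be passed in through -Directory.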

74 comments

  1. Like a technological Trump Bomb by Anonymous Coward · · Score: -1

    Trump's enemies are all getting mail bombs because uneducated racists are treasonous, violent scum.

    Apple doesn't fall far from the retard-tree, traitors.

    1. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: -1, Offtopic

      It is so painfully obvious that this was a false-flag operation designed to get lazy Dems to the polls. Soros is such an egomaniac that he had to be the first "victim" before Obama, Clinton, and the various media outlets.

    2. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: -1

      Democrats don't know or care about George Soros. Only republican tards, traitors, and terrorists hate George Soros.

      All you fucking traitors need to get the hell out of America.

    3. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: -1

      Right after you AIDS-ridden faggots do.

    4. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: -1

      I'd rather have AIDS than the profound mental retardation which defines the republican party.

      Now all you tards, traitors, and terrorists need to get the fuck out!

    5. Re:Like a technological Trump Bomb by snapsnap · · Score: 1, Insightful

      I think you're correct since as Saul Alinsky said, "Accuse the Other Side of That Which You Are Guilty." It's just sad how often our side fakes crap in order to try to appear as the victim.

    6. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: 0

      No. We only get violent because Trump is threatening violence. This is Trump's fault.

    7. Re:Like a technological Trump Bomb by bn-7bc · · Score: 1

      You might be a troll, but instead of modding you as such, I'll give you the benefit of doubt and instead ask you a question: How is this Trump rant even remotely related to a Windows 0-DAY bug?

    8. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: 0

      That's true actually, most dems don't know who soros is. They don't care either. Only republicans seem to have a hard-on for him.

    9. Re:Like a technological Trump Bomb by pgmrdlm · · Score: 0

      Can't wait to see your blood flow in the streets. Get as violent as you want. you will not like the pay back.

      --
      Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
    10. Re:Like a technological Trump Bomb by Anonymous Coward · · Score: 0

      Ya, it's not like he was referred to as the guy who controls the DNC by Norm McDonald from a mid-90s SNL skit that was removed from all official streaming sources. Nothing odd at all.

  2. This is why I use by Anonymous Coward · · Score: 3, Informative

    Linux

    1. Re:This is why I use by Anonymous Coward · · Score: 0

      Linux no!

      Ubuntu!

    2. Re:This is why I use by Anonymous Coward · · Score: 0

      This is why I use windows 7

    3. Re:This is why I use by Anonymous Coward · · Score: 0

      TempleOS

    4. Re:This is why I use by Highdude702 · · Score: 1

      Microsoft had Terry Davis killed!!! This proves it!!

    5. Re:This is why I use by Anonymous Coward · · Score: 0

      +1, Flamebait

    6. Re: This is why I use by Oriumpor · · Score: 1

      Fuck, some of us are stuck with it cause we got users... but you know what this means??? Bye bye mother fuckin Xbox uwp you can't remove!!!

    7. Re:This is why I use by sproketboy · · Score: 1

      TempleOS FTW

    8. Re:This is why I use by Skuld-Chan · · Score: 1

      Linux has its own share of dumb security bugs too though - like the recent libssh issue (yeah I know it's not Linux per se, but whatever).

    9. Re:This is why I use by Marxist+Hacker+42 · · Score: 0

      cd /
      rm -r *

      Same bug exists if you log in as root.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  3. Too long by SuperKendall · · Score: 4, Funny

    The problem is with Microsoft...

    Could have just stopped right there.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Too long by dc29A · · Score: 5, Funny

      That's true, you don't need zero day exploits to delete files, a simple Windows update takes care of it!

    2. Re:Too long by lgw · · Score: 0

      C'mon, just read a few more words:

      The problem is with Microsoft Data Sharing Service, present in Windows 10

      See, MS can be fine, you just need to upgrade to Windows 7 from that crappy Win10 legacy junk. It's hardly MS's fault if people refuse to upgrade to the good version of Windows.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:Too long by Anonymous Coward · · Score: 0

      until some similar bug happens in Win 7 and Microsoft refuse to patch it...

    4. Re:Too long by sn0wflake · · Score: 2

      If all you Linux dorks spent some time making Linux user-friendly instead of sitting in forums all day long bashing Microsoft, maybe some people would consider switching to Linux. 20 years later and being completely free, and Linux is still a joke with minimal usage from regular users.

    5. Re:Too long by Anonymous Coward · · Score: 2, Funny

      If all you Linux dorks spent some time making Linux user-friendly instead of sitting in forums all day long bashing Microsoft, maybe some people would consider switching to Linux. 20 years later and being completely free, and Linux is still a joke with minimal usage from regular users.

      linux is user-friendly....it's just rather picky about the users it's friendly with...

    6. Re:Too long by Anonymous Coward · · Score: 0

      Such originality. I'm not surprised a linux sycophant would parrot such tired bullshit.

    7. Re:Too long by rtb61 · · Score: 1

      So it is not a bug it is a feature, the bug, whoops everyone can see that feature that no one wants, the ability of M$ to delete any file it wants to on your computer at any time it wants to, as soon as you run windows 10. The bug is, the feature is now visible, don't worry they will hide it again in double quick time.

      --
      Chaos - everything, everywhere, everywhen
    8. Re:Too long by Anonymous Coward · · Score: 0

      If you can't navigate your way through Ubuntu, Mint, KDE Neon or ElementaryOS then you probably have a rather severe learning disability bordering on mental retardation and I feel pity for you. It would be wise for you to wear a bib while using the computer. Errant drool is known to ruin most keyboards.

      Then again, I suppose you're stuck with whatever operating system your group home has on their computers, so I can't fully blame you for not seizing the opportunity to learn. You poor thing.

  4. Outstanding News by Anonymous Coward · · Score: 1

    I have been avoiding the upgrade process for quite some time. My diligence has paid off!

  5. Can this be used ... by WoodstockJeff · · Score: 5, Funny

    ... to remove those Win10 applications that Microsoft forbids you to remove?

    1. Re: Can this be used ... by Anonymous Coward · · Score: -1

      No, you cannot use this to cut off your junk, you filthy tranny.

    2. Re: Can this be used ... by Opportunist · · Score: 1

      He asked about cutting out Windows' junk, not his own.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re: Can this be used ... by Highdude702 · · Score: 1

      But how is he going to mount the tranny?

    4. Re: Can this be used ... by Anonymous Coward · · Score: 0

      In Soviet Russia, tranny mount you!

    5. Re:Can this be used ... by Anonymous Coward · · Score: 0

      Yes, but it will conflict with the ability of the next version update to do the same and reformats all drives as a result.

    6. Re:Can this be used ... by Anonymous Coward · · Score: 0

      and if so, is there a donation link?

    7. Re:Can this be used ... by Anonymous Coward · · Score: 0

      No need to wait for this bug. Fire up your favorite distro or better yet dual boot with Ubuntu or Linux Mint then logon to your Linux account then delete all or any Win10 files at will.

    8. Re: Can this be used ... by Anonymous Coward · · Score: 0

      Just mount the tranny, or is he lilliputian or something?

  6. oPatch by viperidaenz · · Score: 1

    What's oPatch? is it like 0patch?

  7. Links not helpful by viperidaenz · · Score: 4, Insightful

    What's the CVE for this exploit?

    Or did the "security researcher" not disclose this to anyone before releasing it?

    1. Re:Links not helpful by Anonymous Coward · · Score: 0

      What's the CVE for this exploit?

      Or did the "security researcher" not disclose this to anyone before releasing it?

      Thank you. SOME of us have to explain our T&E based on a known vulnerability scale, not "Joe Hacker"...

    2. Re: Links not helpful by Anonymous Coward · · Score: 0

      You might find that the security researcher is an employee of the very company pitched near the end of this most excellent slashvertisement posing as news for nerds!

    3. Re:Links not helpful by Anonymous Coward · · Score: 1

      No, it was disclosed outright on Twitter/Github.

      https://github.com/SandboxEsca...

    4. Re:Links not helpful by Anonymous Coward · · Score: 0

      mod this up

    5. Re:Links not helpful by Anonymous Coward · · Score: 1

      Clicking on the P*.rar in there.....thanks....it tried to Do Something bad....AVAST stopped it....maybe...

  8. Just apply the 1809 patch to delete files. by Anonymous Coward · · Score: 0

    Probably examined the 1809 update, and duplicated its success in wiping files.

  9. THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL by Anonymous Coward · · Score: -1

    THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL, as opposed to your vanilla latte "sense of humor" you boring cunt

    Filter error: Don't use so many caps. It's like YELLING.

    Filter error: Don't use so many caps. It's like YELLING.

  10. What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

    Leftists are finally the target of the crap they've been pulling for decades:

    1969: A Year of Bombings

    The 1969 bombings were part of a wave of similar episodes across the nation that spurred fear and anxiety. (One study found that from January 1969 to October 1970, there were about 370 bombings - most of them minor - in New York, an average of more than one every other day.)

    And let's not forget celebrated leftist and likely Obama ghostwriter Bill Ayers:

    After the Greenwich Village townhouse explosion in 1970, in which Weatherman member Ted Gold, Ayers's close friend Terry Robbins, and Ayers's girlfriend, Diana Oughton, were killed when a nail bomb being assembled in the house exploded, Ayers and several associates evaded pursuit by law enforcement officials. Kathy Boudin and Cathy Wilkerson survived the blast. Ayers was not facing criminal charges at the time, but the federal government later filed charges against him.[7] Ayers participated in the bombings of New York City Police Department headquarters in 1970, the United States Capitol building in 1971, and the Pentagon in 1972, as he noted in his 2001 book, Fugitive Days. Ayers writes:

    Although the bomb that rocked the Pentagon was itsy-bitsy—weighing close to two pounds—it caused 'tens of thousands of dollars' of damage. The operation cost under $500, and no one was killed or even hurt.[19]

    After the bombing, Ayers became a fugitive. During this time, Ayers and fellow member Bernardine Dohrn married and remained fugitives together, changing identities, jobs and locations.

    Nevermind last year's shooting of the House Majority Whip by a TDS-addled LEFTIST Bernie Bro shouting "This is for health care!!!"

    About damn time you're the target of your own damn violent bullshit.

    1. Re:What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

      1969 ?!

      You fucking traitors need to get the hell out of America. Go to Russia, and work for Trump's mafia head, Vladimir Putin.

      You may find a lone counterexample to cling to, but the GOP incites violence and spreads lies about the targets of today's republican terrorist attack on Democrats, and the Media.

      Because of you fucking traitors, now every loyal American has to check their mail for bombs.

      Get the fuck out you fucking traitors!

    2. Re:What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

      1969 ?!

      ...

      Yep.

      Fucking progtards were bombing everything they didn't like back then.

      Now?

      Those same violent leftist thugs are "respected members of the community".

      YOU NOW WANT "CIVIL"?

      AFTER LITERALLY TRYING TO ASSASSINATE REPUBLICANS LAST YEAR?

      FUCK YOU AND THE HORSE YOU RODE IN ON!

      Let me say it this way: FUCK YOU AND GO DIE IN A BOMB BLAST!!!!

    3. Re:What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

      The difference is that Democrats don't advocate violence and Moscow Donald does.

      All of the targets that Donald Trump advocated violence against have received bombs today, while republicans tacitly supported this incitement to violence.

      Are you really too fucking stupid to understand that?

      What am I saying, of course you are stupid. That's why you blindly support obvious traitors and scam artists.

      Your dumb ass is already dead from the neck up, but you are too distracted helping Trump incite violence and commit treason to see it.

    4. Re:What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

      Trump has never advocated violence unlike the left and antifa. The worst war we ever had was started by the nationalist socialist party in Germany.

    5. Re:What goes around comes around, you dumb fuck by Anonymous Coward · · Score: 0

      You fucking traitors need to get the hell out of America.

      Thought it was a free country. You changing your mind on that?

    6. Re: What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

      The Nazis were the very definition of far right. When will you Yank right-wingers realise that the reason the Nazis put the word socialist in their name was because in the 1920s and 30s socialism was cool, and they wanted to attract disaffected people to their party. It doesn't make them actually socialists in the same way that the Democratic People's Republic of North Korea being called that doesn't make it a democracy.

      Hitler was one of yours right wingers, own it!

    7. Re:What goes around comes around, you dumb fuck by Anonymous Coward · · Score: 0

      I think you might need to up your meds. Tell mommy you need two pills a day

    8. Re: What goes around comes around, you dumb fuck by Anonymous Coward · · Score: -1

      Wrong. https://www.forbes.com/sites/billflax/2011/09/01/obama-hitler-and-exploding-the-biggest-lie-in-history/#1dd8bdc247a6

  11. Obligatory snark... by sconeu · · Score: 2

    Isn't the easier method just to install the October release of Windows 10?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  12. New Windows Zero-Day Bug Helps Delete Any File by fahrbot-bot · · Score: 4, Funny

    Ya, it's called the 2018 Windows 10 October Update :-)

    --
    It must have been something you assimilated. . . .
  13. Windows needs moar random services by Anonymous Coward · · Score: 0

    This is what Windows needs is even more totally worthless Windows services doing nothing but wasting resources for no reason that anyone on earth except Microsoft cares about.

    Apparently common issues with this service include crashing and busy spinning CPU for no reason. Neither is there any API documentation for this "service" available for any application developer to actually make use of.

    This is why Microsoft sucks not because their programmers make mistakes but because they just won't stop increasing attack surface of Windows by piling on more and more useless garbage. They just can't help themselves.

    1. Re:Windows needs moar random services by Anonymous Coward · · Score: 0

      Exactly! Imagine an internet connection relying on Windows Print Spooler service when I don't even have a printer in my office and my home.
      Stupidest idea to disable my wifi and internet connection when Print Spooler service of windows is stopped. One of the reasons why I still have my golden XP laptop at the living room, showing it off to my techie friends. It is more secure, and they agreed.

  14. Finally able to delete bloatware on my system. by Anonymous Coward · · Score: 0

    Going to delete that voice activated search now!

  15. The Irony by Anonymous Coward · · Score: 0

    A 0day that will let you delete Flash...

  16. SandboxEscaper? by citizenr · · Score: 3, Interesting

    SandboxEscaper - isn't this the guy Microsoft refused to pay up (under bug bounty program) for previous privilege elevation bug found? Bad move MS.

    --
    Who logs in to gdm? Not I, said the duck.
    1. Re:SandboxEscaper? by Anonymous Coward · · Score: 0

      I'll break it again - playing with path aliases and renaming drive letters - or even nodes. What if you add a device, which causes drive letters to change? Can a carefully created multipart file such as a RAR cause issues?
      Data broker - rubbish. Looks like it will accept injected commands and is too lazy to fetch ACLs - or the data broker is running elevated when it does not need to.
      This suggests MS MQ or other transaction services may have the same vulns.

    2. Re:SandboxEscaper? by thegarbz · · Score: 1

      SandboxEscaper - isn't this the guy Microsoft refused to pay up (under bug bounty program) for previous privilege elevation bug found? Bad move MS.

      Link? I did a google search and found nothing about anyone refusing to pay someone by the name of SandboxEscaper. I did however find plenty of stories and comments about "irresponsible disclosure" and this guy being criticised by other security researchers.

    3. Re:SandboxEscaper? by citizenr · · Score: 1

      CVE-2018-8314

      --
      Who logs in to gdm? Not I, said the duck.
    4. Re:SandboxEscaper? by thegarbz · · Score: 1

      Cool, a CVE. I am not interested in the exploit. I am interested in evidence that he was not paid or a discussion of why from some source. I typed your CVE into Google along with the words "not paid" and came up empty.

  17. Z Z Z Z z z z z by MrL0G1C · · Score: 1

    Yet another boring security issue that is only an issue if you allow the attacker to run their malicious code on your machine.

    The overlooked issue is that windows runs far too much unnecessary junk that no-one is using on everyone's machine.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  18. Bug? Or feature? Finally, I can delete Cortana! by Anonymous Coward · · Score: 0

    I'm only half-kidding. I don't use Cortana for anything, but it's definitely undeleteable. If this bug allows me to delete files that Windows stubbornly refuses to delete, I'm all for it. Assuming I can somehow control who else can exploit it.

    Fear me, bloatware! I possess the power to banish you... forever!

  19. Fake bombs for fake news by Anonymous Coward · · Score: 0

    Fake bombs for fake news.

    Seems appropriate.

  20. Can I use this bug to delete files in use? by Anonymous Coward · · Score: 0

    Does this bug allow me to delete files currently in use by another program? That particular design flaw of Windows annoys me daily.

    If I say 'delete' or 'move', the OS doesn't get to say 'No' if permissions and ACLs agree, all it is expected to do is to delete/move the file, even if in use. If done right the program who is currently using it can keep using it, for everyone else it will be gone. There might be a reason why all the *IX systems do it that way.

  21. FEATURE by nybo · · Score: 1

    Usually windows blocks me from deleting files (used by another process)