Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Windows Zero-Day Bug Helps Delete Any File, Exploit Available (bleepingcomputer.com)

Posted by BeauHD on from the here-we-go-again dept.

An anonymous reader quotes a report from Bleeping Computer: Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. The code exploits a vulnerability that allows deleting without permission any files on a machine, including system data, and it has the potential to lead to privilege escalation. The vulnerability could be used to delete application DLLs, thus forcing the programs to look for the missing libraries in other places. If the search reaches a location that grants write permission to the local user, the attacker could take advantage by providing a malicious DLL.

The problem is with Microsoft Data Sharing Service, present in Windows 10, Server 2016 and 2019 operating systems, which provides data brokering between applications. Will Dormann, a vulnerability analyst at CERT/CC, tested the exploit code successfully on a Windows 10 operating system running the latest security updates. Behind the discovery is a researcher using the online alias SandboxEscaper, also responsible for publicly sharing in late August another security bug in Windows Task Scheduler component. Microsoft hasn't addressed the issue, but there is a temporary fix available through the oPatch platform. "A micropatch candidate was ready seven hours after the zero-day vulnerability announcement, and it blocked the exploit successfully," reports Bleeping Computer. "oPatch now delivers the stable version of the micropatch for fully updated Windows 10 1803.

28 of 74 comments (clear)

  1. This is why I use by Anonymous Coward · · Score: 3, Informative

    Linux

    1. Re:This is why I use by Highdude702 · · Score: 1

      Microsoft had Terry Davis killed!!! This proves it!!

    2. Re: This is why I use by Oriumpor · · Score: 1

      Fuck, some of us are stuck with it cause we got users... but you know what this means??? Bye bye mother fuckin Xbox uwp you can't remove!!!

    3. Re:This is why I use by sproketboy · · Score: 1

      TempleOS FTW

    4. Re:This is why I use by Skuld-Chan · · Score: 1

      Linux has its own share of dumb security bugs too though - like the recent libssh issue (yeah I know its not linux per se, but whatever).

  2. Too long by SuperKendall · · Score: 4, Funny

    The problem is with Microsoft...

    Could have just stopped right there.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Too long by dc29A · · Score: 5, Funny

      That's true, you don't need zero day exploits to delete files, a simple Windows update takes care of it!

    2. Re:Too long by sn0wflake · · Score: 2

      If all you Linux dorks spent some time making Linux user-friendly instead of sitting in forums all day long bashing Microsoft, maybe some people would consider switching to Linux. 20 years later and being completely free, and Linux is still a joke with minimal usage from regular users.

    3. Re:Too long by Anonymous Coward · · Score: 2, Funny

      If all you Linux dorks spent some time making Linux user-friendly instead of sitting in forums all day long bashing Microsoft, maybe some people would consider switching to Linux. 20 years later and being completely free, and Linux is still a joke with minimal usage from regular users.

      linux is user-friendly....it's just rather picky about the users it's friendly with...

    4. Re:Too long by rtb61 · · Score: 1

      So it is not a bug it is a feature, the bug, whoops everyone can see that feature that no one wants, the ability of M$ to delete any file it wants to on your computer at any time it wants to, as soon as you run windows 10. The bug is, the feature is now visible, don't worry they will hide it again in double quick time.

      --
      Chaos - everything, everywhere, everywhen
  3. Outstanding News by Anonymous Coward · · Score: 1

    I have been avoiding the upgrade process for quite some time. My diligence has paid off!

  4. Can this be used ... by WoodstockJeff · · Score: 5, Funny

    ... to remove those Win10 applications that Microsoft forbids you to remove?

    1. Re: Can this be used ... by Opportunist · · Score: 1

      He asked about cutting out Windows' junk, not his own.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re: Can this be used ... by Highdude702 · · Score: 1

      But how is he going to mount the tranny?

  5. oPatch by viperidaenz · · Score: 1

    What's oPatch? is it like 0patch?

  6. Links not helpful by viperidaenz · · Score: 4, Insightful

    What's the CVE for this exploit?

    Or did the "security researcher" not disclose this to anyone before releasing it?

    1. Re:Links not helpful by Anonymous Coward · · Score: 1

      No, it was disclosed outright on Twitter/Github.

      https://github.com/SandboxEsca...

    2. Re:Links not helpful by Anonymous Coward · · Score: 1

      Clicking on the P*.rar in there.....thanks....it tried to Do Something bad....AVAST stopped it....maybe...

  7. Obligatory snark... by sconeu · · Score: 2

    Isn't the easier method just to install the October release of Windows 10?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  8. New Windows Zero-Day Bug Helps Delete Any File by fahrbot-bot · · Score: 4, Funny

    Ya, it's called the 2018 Windows 10 October Update :-)

    --
    It must have been something you assimilated. . . .
  9. Re:Like a technological Trump Bomb by snapsnap · · Score: 1, Insightful

    I think you're correct since as Saul Alinsky said, "Accuse the Other Side of That Which You Are Guilty." It's just sad how often our side fakes crap in order to try to appear as the victim.

  10. SandboxEscaper? by citizenr · · Score: 3, Interesting

    SandboxEscaper - isnt this the guy Microsoft refused to pay up (under bug bounty program) for previous privilege elevation bug found? bad move MS.

    --
    Who logs in to gdm? Not I, said the duck.
    1. Re:SandboxEscaper? by thegarbz · · Score: 1

      SandboxEscaper - isnt this the guy Microsoft refused to pay up (under bug bounty program) for previous privilege elevation bug found? bad move MS.

      Link? I did a google search and found nothing about anyone refusing to pay someone by the name of SandboxEscaper. I did however find plenty of stories and comments about "irresponsible disclosure" and this guy being criticised by other security researchers.

    2. Re:SandboxEscaper? by citizenr · · Score: 1

      CVE-2018-8314

      --
      Who logs in to gdm? Not I, said the duck.
    3. Re:SandboxEscaper? by thegarbz · · Score: 1

      Cool a CVE. I am not interested in the exploit. I am interested in evidence that he was not paid or a discussion of why from some source. I typed your CVE into Google along with the words "not paid" and come up empty.

  11. Re:Like a technological Trump Bomb by bn-7bc · · Score: 1

    you might be a toll, but instead of moding you as such, I'll give you the benefit of doubt and instead ask you a question: How is this trump rant even remotely related to a windows 0-DAY bug?

  12. Z Z Z Z z z z z by MrL0G1C · · Score: 1

    Yet another boring security issue that is only an issue if you allow the attacker to run their malicious code on your machine.

    The overlooked issue is that windows runs far too much unnecessary junk that no-one is using on everyone's machine.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  13. FEATURE by nybo · · Score: 1

    Usually windows blocks me from deleting files (used by another process)