Weekly Comments

23 - 30 October 2018

A researcher using the Twitter handle SandboxEscaper has released another zero-day vulnerability on social media without first coordinating disclosure with the vendor. The Windows zero-day affects Microsoft Data Sharing (dssvc.dll), a local service that provides data brokering between applications. An attacker with normal user access can abuse the vulnerability to delete any file, which may allow privilege escalation. SandboxEscaper has posted a proof-of-concept on GitHub that deletes the critical system file pci.sys, rendering the system unbootable. Alternatively, an attacker may be able to plant a malicious replacement file after the deletion so that malicious code is executed the next time the file is needed. The zero-day affects Windows 10, Server 2016 and Server 2019. Microsoft is analysing the vulnerability and is expected to patch the flaw in the November Patch Tuesday release, scheduled for 13 Nov 2018.

References:
[1] Microsoft Windows Zero-day Disclosed on Twitter, Again
 
