Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web

Zero-day crash'n'pwn exploit for Microsoft's latest OS disclosed, no official patch available (yet)

burning laptop

A skilled Microsoft bug hunter with a penchant for public disclosures via Twitter has openly floated a new Windows 10 zero-day flaw.

The researcher, who goes by the pseudonym SandboxEscaper, says the bug is present in the code handling advanced local procedure calls (ALPCs). It can be exploited by a malicious logged-in user or malware on an already infected computer to arbitrarily delete or tamper with anything from application .dll files to critical system components.

According to SandboxEscaper, the vulnerability is similar to the local privilege escalation flaw posted back in August, with the added twist of the attacker now being able to wipe files.

The researcher has provided a proof-of-concept on GitHub and tweeted out a link earlier this week – see below. WARNING: it will crash your Windows 10 PC into recovery mode, and require you to revert your filesystem back to a previous good backup. Don't touch it unless you know what you're doing.

Arcos Security CEO Mitja Kolsek noted that the flaw relies abusing Data Sharing Service, a component that is present in Windows 10 and Server 2016, but not on Windows 7, suggesting older machines will not be vulnerable to the exploit. Arcos has produced an unofficial micropatch for Windows 10 to close the security hole.

Those worried about attack can install the micropatch, though as SandboxEscaper noted, the flaw will be difficult for an attacker to successfully exploit in the wild.

That also likely means that Microsoft will opt not to issue an out-of-band update for the coding cockup, and wait until next month's Patch Tuesday to post a permanent fix for the vulnerability. We have asked Redmond for confirmation, just in case. ®




Biting the hand that feeds IT © 1998–2018