Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/24/2018
12:15 PM
50%
50%

Twitter User Discloses Second Microsoft Zero-Day

The vulnerability can be used to elevate privileges and delete files on target systems.

Twitter user SandboxEscaper has published a Microsoft Windows zero-day flaw on Twitter, along with a proof-of-concept (PoC) on GitHub, for the second time since August.

This vulnerability affects Microsoft Data Sharing, which manages data handled between applications. Security analysts who analyzed the bug say it can be used to elevate privilege after an attacker gains system access.The PoC shows once they have that access, an attacker would be able to eliminate files that typically require administrative privilege to delete.

All versions of Windows 10, including the most recent update, are affected, in addition to Server 2016 and Server 2019, ZDNet reports. "The Data Sharing Service (dssvc.dll) does not seem to be present on Windows 8.1 and earlier systems," says Will Dormann, vulnerability analyst at the CERT/CC.

SandboxEscaper also used Twitter to disclose a Windows zero-day on Aug. 27. The bug affected the Advanced Local Procedure Call (ALPC) function within the Windows Task Manager in Windows 7 through Windows 10. A local user could use the flaw to gain system privileges.

Two days after the bug was posted on Twitter and its PoC on GitHub, researchers found the exploit in a campaign from the PowerPool threat group. Threat actors modified and recompiled the source code to insert their own malware and gain system privileges in targeted attacks.

0Patch reports it has issued a "micropatch" for the bug in fully updated Windows 10 1803 and in Server 2016.

Read more details here.

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
CVE-2020-29284
PUBLISHED: 2020-12-02
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vul...