A new vulnerability was recently discovered in Windows 10 (via BleepingComputer) involving the Microsoft Data Sharing Service. The exploit was discovered by the pseudonymous SandboxEscaper, a former vulnerability researcher, and allows system library files to be deleted, forcing Windows to attempt to search for new libraries. This potentially puts a hacker in a spot to push fake malicious libraries in place of real ones. A successful exploit was also performed by Will Dormann, who shows the vulnerability is only in Microsoft’s latest Windows 10 system, not Windows 8.1 or any older iteration of Windows.
Confirmed as well on Win10 1803, fully-patched as of October.
It’s perhaps worth noting that the service used by the PoC, Data Sharing Service (dssvc.dll), does not seem to be present on Windows 8.1 and earlier systems. https://t.co/W8cNNC4xYO— Will Dormann (@wdormann) October 23, 2018
Th vulnerability is present in both older and newer releases of Windows 10, including Microsoft’s recently pulled October 2018 Update, as well as Windows Server 2016 and 2019 operating systems. Luckily though, the exploit is difficult for hackers to take advantage of, according to SandboxEscaper and the risk is of “low quality,” although a successful hack can make the system completely unbootable.
Fortunately, the folks of 0patch have implemented their own fix for the issue which can be patched through their application, which available for download on their website. The application also provides patches for other system vulnerabilities, not just the one mentioned here. Microsoft regularly patches Windows, as well, and it may be best to just wait for the next official patch.
