Windows Zero-Day Bug Revealed on Twitter

A security researcher who goes by the handle “SandboxEscaper” posted this week on Twitter a Windows zero-day flaw affecting Windows 10, Server 2016, and Server 2019.

 

The flaw, which affects the Microsoft Data Sharing (dssvc.dll) service, can be used by an attacker to elevate their privileges on systems they already have access to, according to several security experts who analyzed the proof-of-concept.

 

Infosec expert Kevin Beaumont said that the bug, which is almost identical to the previous zero-day SandboxEscaper also published on Twitter, allows non-admins to delete any file by abusing a new Windows service not checking permissions again.

 

 

Source: ZDNet