Remember the guy SandboxEscaper ??? who had released microsofts's windows zero-day exploit two months ago had came with another windows zero-day vulnerability with its Proof-Of-Concept.
In the past SandboxEscaper publicly disclosed the zero-day vulnerability of microsoft's windows operating system that could help attackers to gain system privileges without local user interaction.
Two days back, SandboxEscaper on twitter posted a link of his github repository where an another microsoft's windows privilege escaltion vulnerability Proof-of-Concept is posted.
Not the same bug I posted a while back, this doesn't write garbage to files but actually deletes them.. meaning you can delete application dll's and hope they go look for them in user write-able locations. Or delete stuff used by system services c:\windows\temp and hijack them," the researcher wrote.
According to the security experts, This vulnerability effects the Microsoft Data Sharing dssvc.dll, which is a local service that provides data brokering between different applications.
The attacker can elevate the privileges of victims computer through the exploit code which is deletebug.exe which is coded by the researcher. It allows the attacker to delete system files.
Since the file dssvc.dll present only in latest versions of windows systems, this vulnerability only effects latest windows systems such as Windows 10 including Windows Server 2016 & 2018.
SandboxEscaper going blackhat since neither of his two findings were reported to microsoft.
Find us at