Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Security researchers release Windows zero-day exploit proof of concept

2 min. read

Published onOctober 24, 2018

published onOctober 24, 2018

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

A new vulnerability was recently discovered in Windows 10 (viaBleepingComputer) involving the Microsoft Data Sharing Service. The exploit was discovered by the pseudonymousSandboxEscaper, a former vulnerability researcher, and allows system library files to be deleted, forcing Windows to attempt to search for new libraries. This potentially puts a hacker in a spot to push fake malicious libraries in place of real ones. A successful exploit was also performed by Will Dormann, who shows the vulnerability is only in Microsoft’s latest Windows 10 system, not Windows 8.1 or any older iteration of Windows.

Confirmed as well on Win10 1803, fully-patched as of October.It’s perhaps worth noting that the service used by the PoC, Data Sharing Service (dssvc.dll), does not seem to be present on Windows 8.1 and earlier systems.https://t.co/W8cNNC4xYO

— Will Dormann (@wdormann)October 23, 2018

Th vulnerability is present in both older and newer releases of Windows 10, including Microsoft’srecently pulled October 2018 Update, as well as Windows Server 2016 and 2019 operating systems. Luckily though, the exploit is difficult for hackers to take advantage of,accordingto SandboxEscaper and the risk is of “low quality,” although a successful hack canmake the system completely unbootable.

Fortunately, the folks of 0patch have implemented their own fix for the issue which can be patched through their application, which available for download on their website. The application also provides patches for other system vulnerabilities, not just the one mentioned here. Microsoft regularly patches Windows, as well, and it may be best to just wait for the next official patch.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina