The researcher who identified several zero-day flaws in Windows 10 reported another bug in the OS before the end of 2018. According to the findings, this Windows 10 zero-day bug allows existing files to be modified: exploiting the vulnerability could let an attacker overwrite files with arbitrary data.
Windows 10 Zero-Day Bug Allowing File Overwrites Discovered
Christmas Day brought some annoying news for Microsoft, as a researcher highlighted a zero-day vulnerability in its latest Windows OS. Reportedly, the researcher, who uses the alias Sandboxescaper, posted another Windows 10 zero-day bug notification online. At that time, they did not reveal the details but pledged to provide the PoC in the following days. Before the end of 2018, they disclosed the proof-of-concept on GitHub, thus allowing Microsoft to patch the flaw.
As disclosed recently, the bug could allegedly let an attacker overwrite system files with arbitrary data. In the PoC, the researcher demonstrated how she could overwrite “pci.sys”, a critical system file responsible for correct OS boot.
As the researcher demonstrated in the exploit, she could cause a denial-of-service (DoS) state on the target system without necessarily having admin privileges. She first revealed her findings on her Twitter account, which is now suspended.
Limitations In The PoC
Though Sandboxescaper successfully overwrote a system file in her PoC, the exploit does not always work. According to Will Dormann, Vulnerability Analyst at CERT/CC, it succeeds only sometimes.
This latest 0day from SandboxEscaper requires a lot of patience to reproduce. And beyond that, it only *sometimes* overwrites the target file with data influenced by the attacker. Usually it’s unrelated WER data. https://t.co/FnqMRpLy77 pic.twitter.com/jAk5hbr46a
— Will Dormann (@wdormann) December 29, 2018
Moreover, the researcher also explained that the exploit may not work on some CPUs. For instance, she couldn’t exploit the bug on a CPU with one core.
While the researcher seemingly informed Microsoft about the vulnerability, Microsoft hasn’t confirmed the report yet. So, we may speculate that, at present, the bug is exploitable.