The SandboxEscaper profile posted on Twitter the proof of concept (PoC) of a Windows Zero-Day flaw. This vulnerability affects recent versions of Windows, occurring in the Microsoft Data Sharing Service (dssvc.dll), allowing a potential attacker to acquire privilege escalation and perform critical system deletion.

The flaw allows anyone who is not a system administrator to perform high-level permissions actions because Data Sharing provides intermediation between data and does not check the permissions more than once. With PoC an attacker can delete or hijack any files, data, DLLs (Dynamic Link Library) and system services. These damages cause a breakdown of the operating system, which needs to be restored in order to be recovered.

Windows versions 8.1 and earlier are not affected, as dssvc.dll was not yet implemented, only occurring in the Windows 10 version, making it even vulnerable to all versions of the system. There are no patches yet.

Article originally published in the Tempest Soundbites app, available to Tempest customers on Android and iOS versions. To get a credential, talk to your relationship manager.