Rewterz Threat Advisory – Microsoft Windows Zero-day ‘Arbitrary Windows file delete’ vulnerability

October 30, 2018

A new Windows file-delete vulnerability, together with a proof of concept (PoC), has been posted online; it may lead to local privilege escalation via DLL hijacking.

IMPACT:  NORMAL

PUBLISH DATE:  30-10-2018

OVERVIEW

This new bug, together with a proof of concept, was leaked on Twitter by the researcher SandboxEscaper. It can be exploited to delete arbitrary Windows files and to gain escalated privileges via DLL hijacking. The zero-day vulnerability is still unpatched by the vendor; however, 0Patch has released a free micro-patch that fixes the bug.

ANALYSIS

The researcher who found this bug said: “[It’s] Not the same bug I posted a while back; this doesn’t write garbage to files but actually deletes them, meaning you can delete application DLLs and hope they go look for them in user-writable locations. Or delete stuff used by system services in c:\windows\temp and hijack them.”

This ‘Deletebug’ vulnerability in the Microsoft Data Sharing Service (dssvc.dll) lets non-administrators abuse this relatively new Windows service to delete any file without a permission check. Note that once deletebug.exe has deleted pci.sys, the computer can no longer be restarted; anyone reproducing the issue should therefore do so on a virtual machine that can be reverted to a snapshot taken before deletebug.exe was run.

The vulnerability has not been patched by Microsoft; however, 0Patch has released a free micro-patch that fixes the bug in the Microsoft Data Sharing Service. The micro-patch adds impersonation to the DeleteFileW call, so the deletion is performed with the calling user’s privileges rather than those of the service, which blocks the exploit.

With impersonation in place, the delete operation is denied access, as shown in the figure below. The vulnerability is reported on Windows 10 and Server 2016, whereas Windows 7 and Windows 8 are not affected.

AFFECTED PRODUCTS

Windows 10 and Server 2016 & 2019

UPDATES

Until Microsoft releases a patch, this arbitrary-delete vulnerability on fully updated Windows 10 1803 is fixed by 0Patch with a free micro-patch. Users with online 0patch Agents will have it applied automatically within 60 minutes.

All users can download the micro-patch from 0patch.com.
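As an added example (not code from the Rewterz advisory, from Microsoft or from 0patch), the following PowerShell check reports whether a host falls into the affected product family, records the version of the vulnerable dssvc.dll, and shows whether the Data Sharing Service and a 0patch Agent service are present; the service name DsSvc and the “0patch” display-name match are assumptions.

```powershell
# Added example, not part of the advisory: read-only exposure triage for the
# Data Sharing Service (dssvc.dll) arbitrary-delete bug on the local host.
# Assumptions: the service is registered as 'DsSvc' (display name "Data Sharing
# Service") and the 0patch Agent registers a service whose display name contains
# "0patch". "Exposed" reflects the advisory's status (no Microsoft patch yet).
function Get-DssvcExposure {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Windows 10 / Server 2016 / Server 2019 report version 10.x; the advisory lists
    # Windows 7 (6.1) and Windows 8/8.1 (6.2, 6.3) as not affected.
    $major          = [int]($os.Version.Split('.')[0])
    $affectedFamily = ($major -ge 10)

    # The vulnerable component is System32\dssvc.dll; record its file version so the
    # result can be compared against later vendor fixes.
    $dllPath    = Join-Path $env:SystemRoot 'System32\dssvc.dll'
    $dllVersion = if (Test-Path $dllPath) { (Get-Item $dllPath).VersionInfo.FileVersion }

    $svc = Get-Service -Name 'DsSvc' -ErrorAction SilentlyContinue
    if (-not $svc) {
        $svc = Get-Service | Where-Object { $_.DisplayName -like 'Data Sharing*' } |
               Select-Object -First 1
    }

    # Users with an online 0patch Agent receive the micro-patch automatically.
    $agent = Get-Service | Where-Object { $_.DisplayName -like '*0patch*' } |
             Select-Object -First 1

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        OSCaption       = $os.Caption
        OSVersion       = $os.Version
        AffectedFamily  = $affectedFamily
        DssvcDllVersion = if ($dllVersion) { $dllVersion } else { 'not present' }
        DssvcService    = if ($svc)   { "$($svc.Name) ($($svc.Status))" }     else { 'not found' }
        ZeroPatchAgent  = if ($agent) { "$($agent.Name) ($($agent.Status))" } else { 'not found' }
        Exposed         = [bool]($affectedFamily -and $dllVersion -and -not $agent)
    }
}

Get-DssvcExposure | Format-List
```

The script only reads OS, file and service metadata; run it on each Windows 10 or Server 2016/2019 host to list which systems still rely on the micro-patch being applied.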

If you think you are a victim of a cyber-attack, immediately send an e-mail to soc@rewterz.com.