Jump to content

Windows’ latest zero-day vulnerability could allow hackers to overwrite ‘pci.sys’ file


The AchieVer

Recommended Posts

The AchieVer
vulnerable,cyber,war,computer,code,network,protection,virus,web,access,alert,angle,attack,background,blur,blurred,care,coding,communication,concept,crack,critical,dark,data,digital,display,effect,emphasize,hexadecimal,information,monitor,net,one,privacy,protect,red,safe,safety,screen,secure,security,system,technology,text,texture,user,vulnerability,word,zero
 
  • The vulnerability can further be used to conduct a denial-of-service attack on a machine.
  • This is the fourth Windows zero-day discovered in last five months.

A new zero-day vulnerability in the Windows operating system has been discovered recently. This is the fourth Windows zero-day discovered in last five months and it could allow attackers to overwrite a targeted file with random data.

The exploit code of the vulnerability is published on GitHub by a security researcher who goes by the name of SandboxEscaper. By running the Proof-of-Concept (PoC), the researcher had managed to overwrite ‘pci.sys’ - by collecting software and hardware problems through the Windows Error Reporting (WER) event-based feedback infrastructure. ‘Pci.sys’ is a system component that helps in correctly booting the operating system.

Limitations of the attack

The exploit code published on GitHub works with some limitations. The researcher said that zero-day vulnerability discovered does not affect the CPU and that it takes a while to produce an effect on targeted systems. Explaining the reason behind this delay, SandboxEscaper said the bug relies on a race condition and other operations for the executing an attack.

 

The impact of the vulnerability was confirmed by Will Dorman, a vulnerability analyst at CERT/CC, after he was able to reproduce the bug on a Windows 10 system - build 17134.

Impact

Since the target is ‘pci.sys’, SandboxEscaper highlights that the vulnerability can further be used to conduct a denial-of-service attack on a machine. It can also be used to disable third-party AV software.

SandboxEscaper has informed Microsoft Security Response Center(MSRC) about the new bug.

 

This is the second bug discovered by the researcher in this month. On December 19, SandboxEscaper had published a PoC of third zero-day vulnerability that could allow hackers to read protected files.

 

source

Link to comment
Share on other sites


  • Replies 2
  • Views 503
  • Created
  • Last Reply

Anyone care to explain why you would run Windows 10 when it is even more buggy than previous versions? allow fewer tweaks? owns your computer?  Any reason you can come up with other that you are a windows fanboy is probably invalid.

Link to comment
Share on other sites


  • 2 weeks later...
On 1/1/2019 at 11:09 AM, straycat19 said:

Anyone care to explain why you would run Windows 10 when it is even more buggy than previous versions?

 

Around 64% are adolescent PC gamers that need to enlarge their e-penis with the newest DirectX version and newest GPU/CPU that mommy and daddy (or bitcoin) paid for. That leaves a maximum of 36% whom use Windows 10 because they may have a good reason to, and that's being generous.

 

I find it unfortunate that all this powerful hardware brought about by PC gaming also gets bogged down by the crappiest of bloatware. We went to the moon with a few K of memory, but now it takes about 2GB of RAM just to boot Windows...  And this problem is not even specific to Windows, as the mobile industry is certainly facing it too (I'm looking at you Google).

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...