Confirmed as well on Win10 1803, fully-patched as of October. It's perhaps worth noting that the service used by the PoC, Data Sharing Service (dssvc.dll), does not seem to be present on Windows 8.1 and earlier systems.https://twitter.com/mkolsek/status/1054780894785998848 …
-
-
Upside: The default search order (https://docs.microsoft.com/en-us/windows/desktop/dlls/dynamic-link-library-search-order#standard-search-order-for-desktop-applications …) only has the PATH locations following windows/system32/system paths, so the attacker would have to be able to plant the deleted file somewhere in PATH. Not impossible but not possible by default.
- 5 more replies
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.