• The vulnerability may also be used to attack a machine with a denial of service.
  • This is the fourth zero-day windows that were found in the last five months.

A new zero day was vulnerability recently discovered in the Windows operating system. This is the fourth zero-day Windows found in the last five months and could allow attackers to overwrite a target file with random data.

The vulnerability exploit code is published on GitHub by a security researcher named SandboxEscaper. By running the Proof of Concept (PoC), the researcher was able to overwrite’ pci.sys ‘-through the Windows Error Reporting (WER) event – based feedback infrastructure to collect software and hardware problems. Pci.sys’ is a system component that helps to boot the operating system correctly.

Attack limitations

The exploit code published on GitHub operates with certain limitations. The researcher said that the discovered zero-day vulnerability does not affect the CPU and it takes some time to have an impact on target systems.

Explaining the reason for this delay, SandboxEscaper stated that the bug depends on a race condition and other attack operations.

The vulnerability impact was confirmed by Will Dorman, a CERT / CC vulnerability analyst, after reproducing the bug on a Windows 10 system-build 17134. Impact Since the target is ‘ pci.sys,’ SandboxEscaper highlights that the vulnerability can also be used to attack a machine with a denial of service. It can also be used to disable AV software from third parties.

SandboxEscaper reported the new bug to the Microsoft Security Response Center (MSRC). This is the second bug that the researcher has discovered this month.

On 19 December, SandboxEscaper released a third-day PoC vulnerability that could enable hackers to read protected files.

Categorized in: