Main Vulnerability Database SB2018102402

SB2018102402 - Denial of service in Microsoft Windows

Published: October 24, 2018 Updated: November 14, 2018

Security Bulletin ID SB2018102402

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2018-8584)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to improper access control в Data Sharing Service (dssvc.dll). A local attacker can abuse a new Windows service not checking permissions again, delete OS files or DLLs, replace them with malicious versions and crash the operating system.

Remediation

Install update from vendor's website.

References

https://twitter.com/SandboxEscaper/status/1054744201244692485
https://github.com/SandboxEscaper/randomrepo/blob/master/DeleteBug1.rar
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8584