A Windows 0day vulnerability was made public on Twitter

The new 0day vulnerability has been disclosed and will affect all recent versions of Windows, including Windows 10. Researchers with the username “SandboxEscaper” shared a Proof of Concept on Twitter and GitHub to confirm the existence of this vulnerability.

https://twitter.com/SandboxEscaper/status/1054744201244692485

According to the researchers, the latest Windows Zero Day vulnerability affects the Microsoft Data Sharing component (dssvc.dll), a local service that provides data brokering between applications.

The vulnerability affects Windows operating systems, including Windows 10 (the latest Windows October 2018 Update) and, more importantly, Windows Server 2016, which is much more critical, even the new Server 2019 is also affected.

Mitja Kolsek, co-founder and CEO of ACROS Security, warns users not to run this PoC in a production environment because of curiosity because it removes Windows files and requires users to run System Restore to fix it. The best way is to wait for Microsoft to patch this vulnerability.