​Windows’ latest zero-day vulnerability could allow hackers to overwrite ‘pci.sys’ file

• The vulnerability can further be used to conduct a denial-of-service attack on a machine.
• This is the fourth Windows zero-day discovered in last five months.

A new zero-day vulnerability in the Windows operating system has been discovered recently. This is the fourth Windows zero-day discovered in last five months and it could allow attackers to overwrite a targeted file with random data.

The exploit code of the vulnerability is published on GitHub by a security researcher who goes by the name of SandboxEscaper. By running the Proof-of-Concept (PoC), the researcher had managed to overwrite ‘pci.sys’ - by collecting software and hardware problems through the Windows Error Reporting (WER) event-based feedback infrastructure. ‘Pci.sys’ is a system component that helps in correctly booting the operating system.

Limitations of the attack

The exploit code published on GitHub works with some limitations. The researcher said that zero-day vulnerability discovered does not affect the CPU and that it takes a while to produce an effect on targeted systems. Explaining the reason behind this delay, SandboxEscaper said the bug relies on a race condition and other operations for the executing an attack.

The impact of the vulnerability was confirmed by Will Dorman, a vulnerability analyst at CERT/CC, after he was able to reproduce the bug on a Windows 10 system - build 17134.

Impact

Since the target is ‘pci.sys’, SandboxEscaper highlights that the vulnerability can further be used to conduct a denial-of-service attack on a machine. It can also be used to disable third-party AV software.

SandboxEscaper has informed Microsoft Security Response Center(MSRC) about the new bug.

This is the second bug discovered by the researcher in this month. On December 19, SandboxEscaper had published a PoC of third zero-day vulnerability that could allow hackers to read protected files.