Windows’ latest zero-day vulnerability could allow hackers to overwrite ‘pci.sys’ file

[ Jan 02, 2019 ]

A new zero-day vulnerability in the Windows operating system has been discovered recently. This is the fourth Windows zero-day discovered in last five months and it could allow attackers to overwrite a targeted file with random data.

The exploit code of the vulnerability is published on GitHub by a security researcher who goes by the name of SandboxEscaper. By running the Proof-of-Concept (PoC), the researcher had managed to overwrite ‘pci.sys’ – by collecting software and hardware problems through the Windows Error Reporting (WER) event-based feedback infrastructure. ‘Pci.sys’ is a system component that helps in correctly booting the operating system.

Since the target is ‘pci.sys’, SandboxEscaper highlights that the vulnerability can further be used to conduct a denial-of-service attack on a machine. It can also be used to disable third-party AV software.

SandboxEscaper has informed Microsoft Security Response Center(MSRC) about the new bug.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: