DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Windows’ latest zero-day vulnerability could allow hackers to overwrite ‘pci.sys’ file

DigitalCIO Bureau by DigitalCIO Bureau
December 31, 2018
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Source: Cyware | By Ryan Stewart

• The vulnerability can further be used to conduct a denial-of-service attack on a machine.
• This is the fourth Windows zero-day discovered in last five months.

A new zero-day vulnerability in the Windows operating system has been discovered recently. This is the fourth Windows zero-day discovered in last five months and it could allow attackers to overwrite a targeted file with random data.

The exploit code of the vulnerability is published on GitHub by a security researcher who goes by the name of SandboxEscaper. By running the Proof-of-Concept (PoC), the researcher had managed to overwrite ‘pci.sys’ – by collecting software and hardware problems through the Windows Error Reporting (WER) event-based feedback infrastructure. ‘Pci.sys’ is a system component that helps in correctly booting the operating system.

Limitations of the attack
The exploit code published on GitHub works with some limitations. The researcher said that zero-day vulnerability discovered does not affect the CPU and that it takes a while to produce an effect on targeted systems. Explaining the reason behind this delay, SandboxEscaper said the bug relies on a race condition and other operations for the executing an attack.

The impact of the vulnerability was confirmed by Will Dorman, a vulnerability analyst at CERT/CC, after he was able to reproduce the bug on a Windows 10 system – build 17134.

Impact
Since the target is ‘pci.sys’, SandboxEscaper highlights that the vulnerability can further be used to conduct a denial-of-service attack on a machine. It can also be used to disable third-party AV software.

SandboxEscaper has informed Microsoft Security Response Center(MSRC) about the new bug.

This is the second bug discovered by the researcher in this month. On December 19, SandboxEscaper had published a PoC of third zero-day vulnerability that could allow hackers to read protected files.

* Lead image used for representational purposes only.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Okaya Power Group Appoints Prakash Dharmani as CIO

by DigitalCIO Bureau
July 9, 2025
0
Okaya Power Group Appoints Prakash Dharmani as CIO

Prakash Dharmani has joined Okaya Power Group as its new Chief Information Officer (CIO). With over 33 years of experience across industries such as petrochemicals, refining, specialty packaging,...

Read moreDetails

Total Unique Malware Increases By 171%: WatchGuard

by DigitalCIO Bureau
July 9, 2025
0
OpenText Names LockBit  Nastiest Malware Of 2024

New WatchGuard research reveals 171% increase in total unique malware as attackers defy traditional defenses. Other key findings show an increase in email-borne malware threats, a rise in...

Read moreDetails

Dassault Systèmes Acquires Ascon Qube To Extend Virtual Twin Offering

by DigitalCIO Bureau
July 9, 2025
0

Dassault Systèmes has acquired the Ascon Qube technology from Ascon Systems Holding GmbH, a developer of software-defined automation systems.  The acquisition of Ascon Qube accelerates Dassault Systèmes’ leadership...

Read moreDetails

July 2025 Patch Tuesday: Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable

by DigitalCIO Bureau
July 9, 2025
0
Microsoft Patch Tuesday 2023 Wrapped

"For the third consecutive July, Microsoft patched over 125 CVEs: 130 in 2023, 138 in 2024, and 127 in 2025. This month's count is well above the average...

Read moreDetails

Barracuda Unveils Backup Solution For Entra ID

by DigitalCIO Bureau
July 9, 2025
0

Barracuda Networks has announced the launch of Barracuda Entra ID Backup Premium – a comprehensive, cost-effective solution to safeguard Microsoft Entra ID environments from accidental and malicious data loss. With...

Read moreDetails
Next Post

How AI-Powered Robot Helps Safety of Indian Railways

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

AI Could Soon Bypass Most Known Cybersecurity Measures

Security of many APIs leaves much to be desired

October 21, 2024
Commvault Appoints Alex Janas as Field Chief Technology Officer, Security

Commvault Appoints Alex Janas as Field Chief Technology Officer, Security

November 7, 2023

How Facebook Messenger Will Warn You From Scammers

August 20, 2023

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Barracuda Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Trend Micro Veeam Veeam Software Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?