Windows Zero-Day Vulnerability Disclosed

Proof-of-concept code has been released to exploit a zero-day vulnerability in Windows that could allow a threat actor to delete files, including system data, without any permissions, and may also allow them to escalate privileges. The vulnerability exists in the Microsoft Data Sharing Service that provides data brokering between applications, a service present in Windows 10, and Server 2016 and 2019 operating systems. Though proof-of-concept code exists, researchers caution that this bug would still be difficult to exploit. There is currently no patch available. The NJCCIC recommends users and administrators of affected Windows operating systems apply a patch if and when one becomes available.