home.aspx
 
. https://securityboulevard.com/2019/01/new-windows-zero-day-bug-allows-deleting-arbitrary-files/
blog article
NEW WINDOWS ZERO-DAY BUG ALLOWS DELETING ARBITRARY FILES
A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition on the machine, so a successful exploit can take some time as it will retry until it succeeds, the researcher who uses the online handle SandboxEscaper said in the release notes. This is the fourth Windows zero-day vulnerability publicly disclosed by SandboxEscaper in the past four months and the second in December. Two weeks ago, the researcher published details about a vulnerability that could be exploited from a limited account to read files that shouldn’t normally be accessible to that account. That flaw could lead to sensitive information disclosure. The new bug can be used to crash systems by deleting critical system files. For example, the researcher’s proof-of-concept exploit deletes a file called pci.sys that’s required during the boot process. READ MORE