A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data. The researcher warns that the exploit she wrote works with some limitations and may not have the expected effect on some CPUs. An analyst at CERT/CC, Will Dormann, who was able to reproduce the bug Windows 10 Home, build 17134, confirmed that the overwrite does not occur consistently. Since the target is ‘pci.sys,’ the PoC can cause a denial-of-service on the machine, from a user that does not have administrative privileges.
Source: https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-overwriting-files-with-arbitrary-data/