Windows 10 October 2018 Update Hit by ZIP File Bug Spotted Months Before Release

Advertisement
By Gadgets 360 Staff | Updated: 24 October 2018 19:04 IST
Highlights
  • This is one of several bugs found in Windows 10 October 2018 Update
  • In the meanwhile, a zero-day vulnerability has been publicly outed
  • The vulnerability could be misused by malware authors before a patch

Windows 10 October 2018 Update has been riddled with bugs since launch

Windows 10 October 2018 Update's launch was rocky to say the least, with bugs popping up immediately after release, and one severe enough to delete user data upon installation. This caused Microsoft to suspend the rollout until it could fix the issue, and industry-wide outrage at the lack of quality control on part of the Redmond giant in fixing bugs that had already been spotted in preview stages. Now it appears Windows 10 October 2018 Update (aka Windows 10 version 1809) has been hit with another bug related to ZIP archives. In the meanwhile, a security researcher has publicly outed a zero-day vulnerability in Windows 10, Windows Server 2016, and Windows Server 2019. A patch for this vulnerability has yet to be rolled out by Microsoft.

First spotted by a Reddit user, the Windows 10 October 2018 Update contains a bug related to extracting/ pasting files from a ZIP archive when using the native Windows File Explorer tool. If a user tries to extract or paste a file (let's say, gadgets360.jpg) from inside a ZIP archive into another folder containing another file with the same name (gadgets360.jpg), they will not be given an overwrite prompt. Instead, the destination folder file's modified date changes, but the file is not replaced at all.

Windows 10 October 2018 Update Patch Now Giving Blue Screen of Death Issues, Some Users Report

Advertisement

While this doesn't sound as serious as the data-loss bug, and doesn't actually overwrite the file, it is severe if one counts the use case where the original ZIP file is deleted by a user convinced they have replaced files. It also misleads users into believing there was no file in the destination folder that matched with files in the ZIP archive. Another Reddit user, who added that the bug also has the Windows File Explorer showing file transfer progress, corroborates the bug.

Advertisement

Notably, as was the case with the data-loss bug, a Windows Insider Preview tester had spotted the presence of ZIP file bug three months ago, and reported it to the Feedback Hub. However, thanks to just a few upvotes on the bug report (as was the case with the data-loss bug, ZDNet notes), it appears to have been overlooked by Microsoft when compiling the Windows 10 October 2018 Update. BleepingComputer adds that this bug was fixed in the Windows 10 Insider Preview Build 18234 (19H1) release that was pushed to testers a full month before the public rollout of the October 2018 Update. Unfortunately, this fix never made it to general users, but with a fix already in builds, one can expect Microsoft to patch it soon enough.

In light of the data-loss bug and how it was originally caught by testers but missed by Microsoft, the Redmond giant had published a short blog post on how it was changing the manner in which bugs could be reported in the Feedback Hub - bug reporters would now be able to add a severity rating. This, Microsoft hopes, would help ensure Windows 10 developers don't miss out severe reports when fixing bugs in public releases. "We believe this will allow us to better monitor the most impactful issues even when feedback volume is low," Brandon LeBlanc, Senior Program Manager on the Windows Insider Program Team said.

Advertisement

Next up, we have a new zero-day vulnerability reported by a security researcher who for now is just known by their Twitter handle - SandboxEscaper. It was publicly outed on Twitter on Tuesday, and this is not the first time that SandboxEscaper has found a zero-day Windows vulnerability and publicly outed it - the last time was less than two months ago. Microsoft acknowledged August's bug report in a statement to ZDNet, and a fix was rolled out in the September 2018 Patch Tuesday update, but not before PowerPool group used it in a malware distribution campaign.

Getting back to Tuesday's zero-day vulnerability disclosure by SandboxEscaper, a GitHub proof-of-concept has also been published alongside. The bug affects the Microsoft Data Sharing service, known as dssvc.dll in Windows 10, Windows Server 2016, and Windows Server 2019. The vulnerability allows attackers to elevate privileges on a machine they already have access to. While the proof-of-concept exploit only details how an attacker can delete files they don't have permission to, the exploit could be modified to let attackers perform more actions, ZDNet cites several security experts to say. While Microsoft has yet to comment on this latest bug report, such a public disclosure may once again give bad actors a chance to weaponise it into malware campaigns before Microsoft can patch it. A security company called 0patch has in the meanwhile released a micropatch for the vulnerability, which could be used by concerned users before an official fix is released.

 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Windows 10, Windows 10 October 2018 Update, Windows, Microsoft, Zero Day Vulnerability, Cyber Security
3 New Mac Models Spotted in Eurasian Database, Likely to Debut on October 30
Apple CEO Tim Cook Backs Privacy Laws, Warns Data Being 'Weaponised'
Advertisement

Related Stories

Samsung Internet Browser Beta for Windows PCs Launched with Galaxy AI Integration
31 October 2025
Microsoft Releases Final Windows 10 Update With Bug Fixes, Security Patches; 'Big' Windows Announcement Teased
15 October 2025
Microsoft Ends Windows 10 Support Today: Here are Five Things to Know
14 October 2025
How to Update to Windows 11 Before Microsoft Ends Windows 10 Support on October 14: A Step-by-Step Guide
13 October 2025
Windows 10 Support Ends on October 14: Here's How to Receive Extended Updates for Free
9 October 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Motorola Unveils Signature Phone With Four 50-Megapixel Cameras
  2. Redmi Pad 2 Pro 5G With 12,000mAh Battery Arrives in India: See Price
  3. Motorola Unveils Razr Fold as its First Book-Style Foldable at CES
  4. Realme 16 Pro+, Realme 16 Pro Review: A New Dawn for Realme
  5. Realme 16 Pro Series With 7,000mAh Battery Debuts in India: See Price
  6. Redmi Note 15 5G First Impressions
  7. Realme Buds Air 8 Launched in India With Up to 58 Hours of Total Battery Life
  8. CES 2026: Motorola Enters the Wearable AI Race With Project Maxwell
  9. AMD Unveils Ryzen 7 and Next-Gen AI Chips With a New Developer Platform
  10. Samsung​ Galaxy Book 6 With Up to Intel Core Ultra Series 3 Chips Launched
#Latest Stories
  1. Lenovo Legion Go 2 SteamOS Version Revealed at CES 2026, Will Be Available From June 2026
  2. Motorola Unveils Unified AI Platform and AI Pin-Styled Wearable Device Prototype at CES 2026
  3. iQOO Z11 Turbo Battery, Charging Details Confirmed; Tipster Leaks Camera Specifications
  4. CES 2026: Eureka Z50, E10 Evo Plus Robot Vacuum Cleaners Launched, FloorShine 890 Tags Along
  5. Motorola Unveils Signature Phone With Snapdragon 8 Gen 5 Chip and 50-Megapixel Sony LYTIA Cameras: Price, Specifications
  6. CES 2026: Motorola Razr Fold Announced With 2K LTPO Inner Display, 50-Megapixel Triple Cameras
  7. Self-Driving Cars Could Prevent Over 1 Million Road Injuries Across the U.S. by 2035
  8. Astronomers Measure Mass and Distance of a Rogue Planet for the First Time in History
  9. The Rip OTT Release Date: When and Where to Watch it Online?
  10. Netflix’s One Last Adventure Takes Fans Inside the Making of Stranger Things 5
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.