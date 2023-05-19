Stories
Slash Boxes
Comments

SoylentNews is people

SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day

posted by Fnord666 on Thursday May 23, @10:41PM   Printer-friendly
from the clever-names dept.
Security

martyb writes:

SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day:

On the heels of releasing a Windows zero-day exploit on Wednesday, developer SandboxEscaper has dropped exploit code for four more flaws on Thursday morning.

On Wednesday, she dropped a Windows zero-day exploit that would allow local privilege-escalation (LPE), by importing legacy tasks from other systems into the Task Scheduler utility – and she promised four more unpatched bugs while she was at it.

SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched.

The exploits:

[...] a Windows Error Reporting (WER) bug (CVE-2019-0863), was actually patched earlier this month in Microsoft's May Patch Tuesday fixes

[...] zero-day impacting Internet Explorer 11, which could enable bad actors to inject a dynamic link library (DLL) into Internet Explorer."

[...] a bypass for a previously released patch addressing a Windows permissions-overwrite, privilege-escalation flaw (CVE-2019-0841)."

[...] A final flaw is an "installer bypass" issue in Windows update

Not just one's own personal machines need to be considered; it's all the other Windows-based systems that we interact with, too. Might be best to hold off on non-essential transactions for a while?

Original Submission


«  Uber Drivers Coordinate App Usage to Raise Fares
SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day | Log In/Create an Account | Top | 1 comments | Search Discussion
Display Options Threshold/Breakthrough Reply to Article Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 3, Informative) by RamiK on Thursday May 23, @11:34PM

    by RamiK (1813) on Thursday May 23, @11:34PM (#846842)

    As long as typing "download chrome" into the address bar doesn't compromise anything, who cares?

    --
    compiling...
(1)