Microsoft fixes 4 out of 5 of SandboxEscaper's Zero-day bugs


Hacker SandboxEscaper has been a thorn in Microsoft’s side these last few months, repeatedly releasing privilege escalation exploits for Windows without any respect for the usual 90-day disclosure process.

That has kept Microsoft's patchers hopping, but the company managed to fix 4 out of the 5 exploits for which SandboxEscaper has released proof-of-concept code.

| Zero-day name | CVE | Description |
|---|---|---|
| BearLPE | CVE-2019-1069 | LPE exploit in the Windows Task Scheduler process |
| SandboxEscape | CVE-2019-1053 | Sandbox escape for Internet Explorer 11 |
| CVE-2019-0841-BYPASS | CVE-2019-1064 | Bypass of the CVE-2019-0841 patch |
| InstallerBypass | CVE-2019-0973 | LPE targeting the Windows Installer folder |

A fix for the fifth was not ready in time, but it is notable that Microsoft patched 88 vulnerabilities this month, of which 21 were critical. However, none of them, including the zero-days released by SandboxEscaper, were exploited in the wild.

To keep your PC protected, check for updates in Settings.

via ZDNet
