Microsoft fixes 4 out of 5 of SandboxEscaper’s Zero-day bugs


11, 2019

Hacker SandboxEscaper has been a thorn in Microsoft’s side these last few months, repeatedly releasing privilege escalation exploits for Windows without any respect for the usual 90-day disclosure process.

That has kept Microsoft’s patchers hoping, but the company managed to fix 4 out of the 5 exploits SandboxEscaper has released proof of concept code for.

Zero-day name CVE Description
BearLPE CVE-2019-1069  LPE exploit in the Windows Task Scheduler process
SandboxEscape CVE-2019-1053 Sandbox escape for Internet Explorer 11
CVE-2019-0841-BYPASS CVE-2019-1064 Bypass of the CVE-2019-0841 patch
InstallerBypass CVE-2019-0973 LPE targeting the Windows Installer folder

A fifth was not ready in time, but it is notable that Microsoft patched 88 vulnerabilities this month, of which 21 were critical.  None were however exploited in the wild, including the Zero-day ones released by SandboxEscaper.

To keep your PC protected Check for Update in Settings.

via ZDNet

Leave a Reply

Your email address will not be published. Required fields are marked *

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}