Hacker SandboxEscaper has been a thorn in Microsoft’s side these last few months, repeatedly releasing privilege escalation exploits for Windows without any respect for the usual 90-day disclosure process.

That has kept Microsoft’s patchers hopping, but the company managed to fix 4 out of the 5 exploits SandboxEscaper has released proof-of-concept code for.

| Zero-day name | CVE | Description |
| --- | --- | --- |
| BearLPE | CVE-2019-1069 | LPE exploit in the Windows Task Scheduler process |
| SandboxEscape | CVE-2019-1053 | Sandbox escape for Internet Explorer 11 |
| CVE-2019-0841-BYPASS | CVE-2019-1064 | Bypass of the CVE-2019-0841 patch |
| InstallerBypass | CVE-2019-0973 | LPE targeting the Windows Installer folder |

A fifth was not ready in time, but it is notable that Microsoft patched 88 vulnerabilities this month, of which 21 were critical. None, however, were exploited in the wild, including the zero-days released by SandboxEscaper.

To keep your PC protected, check for updates in Settings.

via ZDNet