Microsoft fixes 4 out of 5 of SandboxEscaper's Zero-day bugs

Reading time icon 1 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Hacker SandboxEscaper has been a thorn in Microsoft’s side these last few months, repeatedly releasing privilege escalation exploits for Windows without any respect for the usual 90-day disclosure process.

That has kept Microsoft’s patchers hoping, but the company managed to fix 4 out of the 5 exploits SandboxEscaper has released proof of concept code for.

Zero-day name CVE Description
BearLPE CVE-2019-1069  LPE exploit in the Windows Task Scheduler process
SandboxEscape CVE-2019-1053 Sandbox escape for Internet Explorer 11
CVE-2019-0841-BYPASS CVE-2019-1064 Bypass of the CVE-2019-0841 patch
InstallerBypass CVE-2019-0973 LPE targeting the Windows Installer folder

A fifth was not ready in time, but it is notable that Microsoft patched 88 vulnerabilities this month, of which 21 were critical.  None were however exploited in the wild, including the Zero-day ones released by SandboxEscaper.

To keep your PC protected Check for Update in Settings.

via ZDNet

More about the topics: exploits, security, windows