Hacker SandboxEscaper has been a thorn in Microsoft’s side these last few months, repeatedly releasing privilege escalation exploits for Windows without any respect for the usual 90-day disclosure process.
That has kept Microsoft’s patchers hoping, but the company managed to fix 4 out of the 5 exploits SandboxEscaper has released proof of concept code for.
| Zero-day name | CVE | Description |
|---|---|---|
| BearLPE | CVE-2019-1069 | LPE exploit in the Windows Task Scheduler process |
| SandboxEscape | CVE-2019-1053 | Sandbox escape for Internet Explorer 11 |
| CVE-2019-0841-BYPASS | CVE-2019-1064 | Bypass of the CVE-2019-0841 patch |
| InstallerBypass | CVE-2019-0973 | LPE targeting the Windows Installer folder |
A fifth was not ready in time, but it is notable that Microsoft patched 88 vulnerabilities this month, of which 21 were critical. None were however exploited in the wild, including the Zero-day ones released by SandboxEscaper.
To keep your PC protected Check for Update in Settings.
via ZDNet