SandboxEscaper is back with a new Zero-Day Exploit

Home » News

Reading time icon 1 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

SandboxEscaper is back with a new Privilege Escalation Exploit.

On this occasion, she defeated a patch which Microsoft released in April for CVE-2019-0841, and as usual, released the exploit with proof-of-concept exploit code.

Thankfully the exploit requires code running on a local machine, vs a remote exploit, but will allow hackers with limited privileges to gain full control of a protected file, such as WIN.ini in her demo exploit.

CERT/CC has confirmed the exploit works on Windows 10 versions 1809 and 1903 running the latest security updates from Microsoft.

A video of the exploit can be seen below:

SandboxEscaper has so far released 9 zero-day exploits since August 2018, and according to a somewhat unhinged message on her website still has another up her sleeve.

Via BleepingComputer

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.

User forum

0 messages