SandboxEscaper, a controversial security researcher who has been releasing zero-day exploits for Windows on Twitter and GitHub since last year, has released three more zero-day exploits and promised to reveal more soon.
New Windows Error Reporting Service Zero-Day Flaw
One of the latest zero-day flaws that SandboxEscaper revealed is related to a vulnerability in the Windows Error Reporting service that she said can be exploited via a discretionary access control list operation. The DACL is an internal list attached to an object in Active Directory that specifies which users and groups can access the object and what kinds of operations they can perform.
The researcher named the flaw AngryPolarBearBug2, implying it to be a successor to a previous Windows Error Reporting service flaw she found last December, which she named AngryPolarBearBug.
According to the researcher, the bug isn't very easy to exploit, and it can take upwards of 15 minutes for the exploit to trigger. Once it does, an attacker can edit any Windows file, including system executables.
Internet Explorer 11 Zero-Day Flaw
Another vulnerability revealed by SandboxEscaper affects Internet Explorer 11, a browser Microsoft continues to include in Windows 10 for legacy purposes. By abusing this flaw, attackers would be able to inject malicious code into Internet Explorer. The attack doesn't appear to be remotely exploitable, but attackers could still make use of it in their exploit chains when they try to take over Windows systems through the IE11 browser. SandboxEscaper released a video demo of how the attack works on GitHub.
The researcher released another local privilege escalation bug in the Windows Task Scheduler earlier this week and promised to reveal two more Windows zero-day flaws shortly.
I always wonder how often these guys actually communicate with Microsoft or the other companies. It seems most of these bugs and/or flaws just get released to the public to become ways for hackers and scammers to screw people over.
I highly doubt Microsoft, with proof, would prefer to see that. Instead I bet they would want to fix it before some nasty person messes up a bunch of people's systems.
Sounds like someone who has a grudge against Microsoft. Also, it seems like a few things have to happen for these exploits to work, but it's hard to tell from the explanations.
jimmysmitty said: I highly doubt Microsoft, with proof, would prefer to see that. Instead I bet they would want to fix it before some nasty person messes up a bunch of people's systems.
Yep, that's right. See https://www.microsoft.com/en-us/msrc/bounty for their bug bounty program.