New Windows Zero-Day Flaws Revealed By Controversial Researcher
SandboxEscaper, a controversial security researcher that has been releasing zero-day exploits for Windows since last year on Twitter and GitHub, has released three other zero-day exploits and promised to reveal more soon.
New Windows Error Reporting Service Zero-Day Flaw
One of the latest zero-day flaws that SandboxEscaper revealed is related to a vulnerability in the Windows Error Reporting service that she said can be exploited via a discretionary access control list operation. The DACL is an internal list attached to an object in Active Directory that specifies which users and groups can access the object and what kinds of operations they can perform.
The researcher named the flaw AngryPolarBearBug2, implying it to be a successor to a previous Windows Error Reporting service flaw she found last December, which she named AngryPolarBearBug.
According to the researcher, the bug isn’t very easy to exploit, and it can take upwards of 15 minutes for it to trigger. Following the activation of the exploit, an attacker can edit any Windows file, including system executables.
Internet Explorer 11 Zero-Day Flaw
Another vulnerability revealed by SandboxEscaper is one affecting Internet Explorer 11, a browser Microsoft continues to use in Windows 10 for legacy purposes. By abusing this flaw, attackers would be able to inject malicious code in Internet Explorer. The attack doesn’t seem to be remotely exploitable, but attackers could still make use of it in their exploit-chains when they try to take over Windows systems through the IE11 browser. SandboxEscaper released a video demo of how the attack works on GitHub.
The researcher released another local privilege escalation bug in the Windows Task Scheduler earlier this week and promised to reveal two more Windows zero-day flaws shortly.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
USB-C cable CT scan reveals sinister active electronics — O.MG pen testing cable contains a hidden antenna and another die embedded in the microcontroller
Hackers breach Wi-Fi network of U.S. firm from Russia — daisy chain attack jumps from network to network to gain access from thousands of miles away
-
jimmysmitty I always wonder how often these guys actually communicate with Microsoft or the other companies. It seems most of these bugs and /or flaws just get released to the public to become ways for hackers and scammers to screw people over.Reply
I highly doubt Microsoft, with proof, would prefer to see that. Instead I bet they would want to fix it before some nasty person messes up a bunch of peoples systems. -
thegriff Sounds like someone who has a grudge against microsoft. Also, seems like a few things have to happen for these exploits to work, but it's hard to tell from the explanations.Reply -
AndrewJacksonZA
Yep, that's right. See https://www.microsoft.com/en-us/msrc/bounty for their bug bounty program.jimmysmitty said:I highly doubt Microsoft, with proof, would prefer to see that. Instead I bet they would want to fix it before some nasty person messes up a bunch of peoples systems.