SandboxEscaper, a controversial security researcher who has been releasing zero-day exploits for Windows on Twitter and GitHub since last year, has released three more zero-day exploits and promised to reveal more soon.
New Windows Error Reporting Service Zero-Day Flaw
One of the latest zero-day flaws that SandboxEscaper revealed is a vulnerability in the Windows Error Reporting service that she said can be exploited via a discretionary access control list (DACL) operation. The DACL is an internal list attached to an object in Active Directory that specifies which users and groups can access the object and what kinds of operations they can perform.
The researcher named the flaw AngryPolarBearBug2, implying it to be a successor to a previous Windows Error Reporting service flaw she found last December, which she named AngryPolarBearBug.
According to the researcher, the bug isn’t very easy to exploit, and it can take upwards of 15 minutes for it to trigger. Following the activation of the exploit, an attacker can edit any Windows file, including system executables.
Internet Explorer 11 Zero-Day Flaw
Another vulnerability revealed by SandboxEscaper affects Internet Explorer 11, a browser Microsoft continues to use in Windows 10 for legacy purposes. By abusing this flaw, attackers would be able to inject malicious code into Internet Explorer. The attack doesn’t seem to be remotely exploitable, but attackers could still make use of it in their exploit chains when they try to take over Windows systems through the IE11 browser. SandboxEscaper released a video demo of how the attack works on GitHub.
The researcher released another local privilege escalation bug in the Windows Task Scheduler earlier this week and promised to reveal two more Windows zero-day flaws shortly.