zero-day vulnerability in Windows 10, the anonymous hacker going by
the online alias “SandboxEscaper” has now dropped new exploits for two
more unpatched Microsoft zero-day vulnerabilities.
The two new zero-day vulnerabilities affect Microsoft’s Windows
Error Reporting service and Internet Explorer 11.
Just yesterday, while releasing a Windows 10 zero-day exploit
for a local privilege escalation bug in the Task Scheduler utility,
SandboxEscaper claimed to have discovered four more zero-day bugs,
exploits for two of which have now been publicly released.
AngryPolarBearBug2 Windows Bug
One of the latest Microsoft zero-day vulnerabilities resides in the
Windows Error Reporting service and can be exploited using a
discretionary access control list (DACL) operation. A DACL is a
mechanism that identifies the users and groups that are assigned or
denied access permissions to a securable object.
Upon successful exploitation, an attacker can delete or edit any
Windows file, including system executables, which otherwise only a
privileged user can do.
Dubbed AngryPolarBearBug2[2]
by the hacker, the vulnerability is a successor to a previous
Windows Error Reporting service vulnerability she found late last
year, which was named AngryPolarBearBug and allowed a local,
unprivileged attacker to overwrite any chosen file on the
system.
However, as SandboxEscaper says, this vulnerability is not very
easy to exploit, and it “can take upwards of 15 minutes for the bug
to trigger.”
“I guess a more determined attacker might be able to make it
more reliable,” the hacker said. “It is just an insanely small
window in which we can win our race; I wasn’t even sure if I could
ever exploit it at all.”
Internet Explorer 11 Sandbox Bypass
The second Microsoft zero-day vulnerability revealed today by
SandboxEscaper affects Microsoft’s web browser, Internet Explorer
11 (IE11). Though the exploit note
doesn’t contain any detail about this flaw, a video demonstration
released by the hacker shows the vulnerability exists due to an
error when the vulnerable browser handles a maliciously crafted DLL
file.
This would eventually allow an attacker to bypass the IE Protected
Mode sandbox and execute arbitrary code with Medium integrity
permissions.
Though the three unpatched zero-day vulnerabilities SandboxEscaper
released within the last 24 hours are not critical, users can expect
security updates from Microsoft on 11 June, the company’s Patch
Tuesday for next month.
SandboxEscaper has a history of releasing fully functional
zero-day vulnerabilities in the Windows[4] operating system. Last
August, she debuted another Windows Task Scheduler vulnerability[5]
on Twitter, which hackers quickly started exploiting in the wild in
a spy campaign after disclosure.
Later, in October 2018, the hacker released an exploit for a
then zero-day vulnerability in Microsoft’s Data Sharing Service
(dssvc.dll), which she dubbed “Deletebug[6].” In December
2018, she released two more zero-day vulnerabilities[7]
in the Windows operating system.
You can expect two more Microsoft zero-day vulnerabilities from
SandboxEscaper in the coming days, as she promised to release
them.
References
- [1] zero-day vulnerability in Windows 10 (thehackernews.com)
- [2] AngryPolarBearBug2 (github.com)
- [3] exploit note (github.com)
- [4] zero-day vulnerabilities in Windows (thehackernews.com)
- [5] Windows Task Scheduler vulnerability (thehackernews.com)
- [6] Deletebug (thehackernews.com)
- [7] zero-day vulnerabilities (thehackernews.com)
