Home United States USA — software Three more Windows 10 zero-days dropped by SandboxEscaper

Three more Windows 10 zero-days dropped by SandboxEscaper

231
0
SHARE

More exploit code released by security researcher, including three zero-days and one only patched by Microsoft this month
SandboxEscaper, the security researcher behind the Windows 10 Task Scheduler zero-day security flaw released this week, has made good on her promise to release exploit code for four more vulnerabilities.
Three of them take advantage of zero-day security flaws she has found, while the fourth was patched by Microsoft earlier this month.
She announced the releases today on her blog where she also uploaded a video of REM’s ‘It’s the End of the World as we Know it (And I Feel Fine)’ to accompany it.
She also wrote:
“Uploaded the remaining bugs.
burning bridges. I just hate this world.
ps: that last windows error reporting bug was apparently patched this month. Other 4 bugs on github are still 0days. have fun.
Bye.”
The GitHub proof-of-concepts include three Windows local privilege escalation (LPE) security flaws and a sandbox-escape vulnerability in Internet Explorer 11, although one of the LPEs was patched in Microsoft’s May Patch Tuesday.

Continue reading...