We reported two days ago that SandboxEscaper, who had released a number of exploits for Windows 10, was promising to release a few more, and the hacker made good on this yesterday, releasing 3 more unpatched exploits for the operating system and one which was fortunately patched already earlier this month. According to her blog,…
We reported two days ago that SandboxEscaper, who had released a number of exploits for Windows 10, was promising to release a few more, and the hacker made good on this yesterday, releasing 3 more unpatched exploits for the operating system and one which was fortunately patched already earlier this month.
According to her blog, SandboxEscaper said she was in the market to sell flaws to “people who hate the US”, apparently in response to FBI subpoenas against her Google account.
The GitHub proof-of-concepts includes three Windows local privilege escalation (LPE) security flaws and a sandbox-escape vulnerability in Internet Explorer 11, although one of the LPEs was patched in Microsoft’s May Patch Tuesday. It appears on at least one occasion SandboxEscaper forwarded details of the flaw to Microsoft.
The bugs include a Local Privilege Escalation bug targetting the Windows Error Reporting service, CVE-2019-0863, which was given a CVSS 3.
