Researcher SandboxEscaper discovers multiple Windows flaws

Soon after the discovery of a zero-day in Windows, the hacker released code for multiple other Windows vulnerabilities

A few zero-day vulnerabilities in Microsoft Windows were revealed by SandboxEscaper in only 24 hours

An online researcher working under the pseudonym SandboxEscaper has discovered a few Microsoft Windows flaws. After a particular zero-day flaw was found and taken care of on the 22nd of May, other vulnerabilities were discovered in Microsoft's Windows Error Reporting service and in the Internet Explorer 11 web browser.

When releasing an exploit for a bug found in the Task Scheduler utility,[1] SandboxEscaper stated that she had found other Windows-related vulnerabilities, for two of which exploits have already been released to the public.

The flaw in Internet Explorer 11

Internet Explorer 11 contains one of the zero-day vulnerabilities discovered by SandboxEscaper. The bug in Microsoft's web browser is explained in detail in a video.[2] The video shows that the flaw appears whenever a malware-laden DLL file is launched in the web browser.

This lets a bad actor escape the Internet Explorer protection sandbox and launch malicious code by gaining a specific integrity permission. The researcher claims that the vulnerability is not a critical one but still needs to be taken care of, like all of the other flaws. Microsoft is going to release the patch to fix it on June 11th, 2019.

Microsoft Windows bug – AngryPolarBearBug2

This vulnerability is another of the recently discovered flaws, this time in the Windows Error Reporting service. Criminals can misuse this weakness by abusing the DACL (discretionary access control list) mechanism, which identifies the permissions that users or groups have on a certain type of system or device.

The AngryPolarBearBug2 vulnerability[3] allows managing any type of file or document located on the targeted Windows computer system. This includes executables that run critical processes, which can usually be terminated only by the system administrator or a user who has the privileges to do so.

This flaw is related to a very similar one that SandboxEscaper discovered last year. AngryPolarBearBug2 has been named after its predecessor, AngryPolarBearBug, which permitted criminals to access targeted computer systems and rewrite any type of file located on the machine.

However, there has been some speculation that the AngryPolarBearBug2 vulnerability is actually not a zero-day. A cybersecurity researcher from Palo Alto Networks claimed that this flaw has already been patched and was named CVE-2019-0863[4] in May 2019, when Microsoft released a report about recent security updates and changes.[5]

SandboxEscaper released exploits for the other two

As for the other two unpatched vulnerabilities recently discovered by SandboxEscaper, she has already released PoC exploits for these flaws. The number of zero-day flaws that have been taken care of in the past day comes to four in total. The first update turned out to be even better than the patch that Microsoft had released for the CVE-2019-0841[6] flaw.

Additionally, SandboxEscaper has released video-based instructions for the patching of the two vulnerabilities; however, these video clips are still awaiting the required confirmation, as cybersecurity experts need to take a closer look at the newly discovered flaws.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of the News Editors and also the Social Media Manager of the 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.
