Cybersecurity experts have just announced that an anonymous hacker, known as “SandboxEscaper”, has found and released 4 new unpatched Microsoft zero-day vulnerabilities.
SandboxEscaper has a history of releasing fully functional zero-day vulnerabilities in the Windows operating system.
Two of these new zero-day vulnerabilities impact Microsoft’s Windows Error Reporting service and Internet Explorer 11.
Windows 10 seems to have a never-ending string of problems: apart from these 4 new 0-day exploits, another one was found last week, a local privilege escalation bug in the Task Scheduler utility.
Remember that everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
The first of the four vulnerabilities, AngryPolarBearBug2, is a Microsoft zero-day that affects the Windows Error Reporting service and can be exploited using a discretionary access control list (DACL) operation.
If this service is exploited, a hacker can then delete or edit any Windows file, including system executables, which otherwise only a privileged user can do.
The only good news regarding this vulnerability is that it is not very easy to exploit, and it can take up to 15 minutes for the bug to successfully affect a system.
The second Microsoft zero-day vulnerability impacts Microsoft’s web browser, Internet Explorer 11 (IE11). The vulnerability exists due to an error when the vulnerable browser handles a maliciously crafted DLL file. This maliciously crafted file allows a hacker to bypass the IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.
Another 0-day, Deletebug, comes in the form of an exploit that impacts Microsoft’s Data Sharing Service (dssvc.dll).
Regarding these new problems, a Microsoft spokesman has just announced that the AngryPolarBearBug2 bug is not a zero-day; instead, it has already been patched by Microsoft, identified as CVE-2019-0863, in the May 2019 Patch Tuesday security updates. However, SandboxEscaper has just released PoC exploits for two more new unpatched zero-day vulnerabilities in Microsoft Windows.
The last of the 4 exploits is a new exploit that bypasses the patch Microsoft released for an elevation of privilege vulnerability (CVE-2019-0841) in Windows that exists when the Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.