Two more Microsoft zero-days uploaded on GitHub

A security researcher going by the online pseudonym SandboxEscaper has today published demo exploit code for two more Microsoft zero-days, after releasing a similar fully-working exploit the day before.

These two mark the sixth and seventh zero-days impacting Microsoft products this security researcher has published in the past ten months, with the first four being released last year, and three over the past two days.

Windows Error Reporting zero-day

The first of the two new zero-days is a vulnerability in the Windows Error Reporting service that SandboxEscaper said can be exploited via a carefully placed DACL (discretionary access control list) operation.

The researcher named this bug “AngryPolarBearBug2” after a similar zero-day, named “AngryPolarBearBug,” that she discovered in the same Windows Error Reporting service last December.

The good news is that this zero-day is not as easy to exploit as the last. “It can take upwards of 15 minutes for the bug to trigger,” SandboxEscaper said.

Once exploited, the zero-day should grant an attacker access to edit files they normally couldn't. In other words, it's a local privilege escalation issue, but as SandboxEscaper puts it: “not that much of an issue.”

Unknown IE11 zero-day

The second of the Microsoft zero-days that SandboxEscaper published today is one impacting Internet Explorer 11.

Besides the exploit's source code and a short demo video, only a three-line summary is available for this zero-day.

Per SandboxEscaper, this vulnerability should allow attackers to inject malicious code in Internet Explorer. According to a security researcher who reviewed the exploit for ZDNet, this zero-day is not remotely exploitable, but can be used to neuter security protections in IE for subsequent attacks.

Today's releases come after the researcher published, yesterday, proof-of-concept code for another Windows zero-day, a local privilege escalation in the Windows Task Scheduler process.

SandboxEscaper's list of 2018 zero-days includes:

LPE in Advanced Local Procedure Call (ALPC)
LPE in Microsoft Data Sharing (dssvc.dll)
LPE in ReadFile
LPE in the Windows Error Reporting (WER) system

On her personal blog, the researcher promised to release two more zero-days impacting Microsoft products in the coming days.
