[ad_1]
A serial editor of Microsoft vulnerabilities of zeroday has abandoned the exploit code for three other uncorrected vulnerabilities, which is a seventh time that the unknown has done so in the past year.
The technical details of vulnerabilities, as well as the exploits of concept validation, are the work of someone who uses the nickname SandBoxEscaper. A local privilege elevation vulnerability in the Windows task scheduler revealed on Tuesday allows an authenticated attacker to obtain SYSTEM privileges on an affected system. On Thursday, the person published a privilege elevation code exploiting a Windows error reporting service bug. Attackers can use it to modify files that would normally be out of bounds. A third exploit, which was also released on Wednesday, works against Internet Explorer 11 and allows attackers to run JavaScript that works with higher system access than is normally allowed by the browser sandbox.
Good deal
Like the other exploits released by SandboxEscaper in the past year, including the one that was processed last August and last October, the recent three do not allow attackers to remotely execute malicious code. However, as security defenses in recent versions of Windows and other operating systems have improved, the value of these types of exploits has increased because they are often the only way to bypass security sandboxes. and other similar protections. Despite some exploit limitations noted transparently by SandBoxEscaper, the information to be provided is important if it works as it is supposed to be based on fully-patched versions of Windows 10.
"Any new privilege escalation on native Windows 10 is a fairly decent contract because most of the vulnerabilities relate to applications that you have placed on the operating system rather than on the operating system itself." Ars, Dardaman, a security researcher in Dallas, told Ars. "If an attacker used an ECN system or some other means, such as phishing, which allowed low-level access to a machine, then he could use one of those attacks to switch to the administrator."
In March, Google reported that an uncorrected privilege escalation vulnerability at the time, in earlier versions of Windows, was being used alongside an unrelated exploit in the Chrome browser. On their own, no exploit could cause much damage, thanks to the built-in protection measures built into Windows and Chrome. Together, these exploits have allowed hackers to remotely execute malicious programs of their choice. Dardaman said that the two privilege escalation vulnerabilities released by SandboxEscaper in the last 24 hours would likely have similar features when combined with the appropriate additional exploit.
SandboxEscaper explained in its Tuesday release that the Task Scheduler vulnerability is exploiting a flaw in the way Task Scheduler handles changes to discretionary access control list permissions for an individual file. A notice issued Wednesday by US Cert confirmed that the exploit was working against the 32-bit and 64-bit versions of Windows 10.
Below the video of the exploit in action:
Here is a demonstration of an increase in privileges on Windows 10 made by US Cert compared to Windows 10. Microsoft has not commented yet. pic.twitter.com/hFP05fqPRM
– Dan Goodin (@ dangoodin001) May 22, 2019
Microsoft representatives have not yet commented on the information released this week, and researchers have not yet confirmed the two exploits released Wednesday against Windows 10 fully corrected. Given the history of SandboxEscaper, users should assume that the exploits are working as expected and stay informed of any new updates or newsletters that will be released in the coming days.
[ad_2]
Source link