A specialist in IT
security audit services known by the pseudonym SandboxEscaper has
just revealed new zero-day vulnerabilities in Windows;
this is the third consecutive day on which the investigator has revealed
new flaws in the operating system.
The investigator published proof-of-concept code for two zero-day
vulnerabilities on her GitHub account, plus a
step-by-step explanation of how to use these exploits. The investigator has found
eight zero-day vulnerabilities in the last ten months.
It is worth noting that SandboxEscaper has
reported zero-day flaws in the last three days, which she also published on her
GitHub profile. According to IT security audit services specialists, the
vulnerabilities reported are:
local privilege escalation vulnerability in the Windows Task Scheduler
from the sandbox for Internet Explorer
privilege escalation flaw in the Windows Error Reporting Service (Microsoft
patched this vulnerability shortly before the investigator published her exploitation
As for her most recent findings, the first
vulnerability is a method to bypass the security patch that the company released
for the CVE-2019-0841 flaw. This vulnerability allows users with reduced
privileges to hijack higher-privilege files, overwriting permissions on the
The second reported vulnerability targets
the Windows Installer folder. SandboxEscaper explains that there is a
very short period of time in which it is possible to hijack the repair process
of Windows applications to inject files into unauthorized areas of the
operating system. The vulnerability abuses the msiexec /fa operation to inject
malware and take control of computers that hackers have previously accessed through
a low-privilege account.
According to IT security audit services specialists from the International Institute of Cyber Security (IICS), these two vulnerabilities could cause serious problems for Windows system administrators, unlike the flaws previously published by SandboxEscaper, whose exploitation was considered unlikely or highly complex. However, the IT security audit services specialist points out that exploitation of the second vulnerability reported yesterday is also unlikely, because the window of time in which the vulnerable process can be exploited is very narrow.