Three more Windows 10 zero-days dropped by SandboxEscaper, aka Polar Bear


More exploit code released by security researcher, including three zero-days and one only patched by Microsoft earlier this month

SandboxEscaper, the security researcher behind the Windows 10 Task Scheduler zero-day security flaw released this week, has made good on her promise to release exploit code for four more vulnerabilities.

Three of them take advantage of zero-day security flaws she has found, while the fourth was patched by Microsoft earlier this month. 

She announced the releases today on her blog, where she also uploaded a video of REM's 'It's the End of the World as we Know it (And I Feel Fine)' to accompany it.

She also wrote:

"Uploaded the remaining bugs.

burning bridges. I just hate this world.

ps: that last windows error reporting bug was apparently patched this month. Other 4 bugs on github are still 0days. have fun.

Bye."

The GitHub proof-of-concepts include three Windows local privilege escalation (LPE) security flaws and a sandbox-escape vulnerability in Internet Explorer 11, although one of the LPEs was patched in Microsoft's May Patch Tuesday. One of two aliases given for the credit - Polar Bear - indicates that SandboxEscaper forwarded details of the flaw to Microsoft.

The patched flaw is an LPE targeting the Windows Error Reporting service, CVE-2019-0863, which was given a CVSS 3.0 severity score of 7.8 (high).


The Internet Explorer 11 flaw enables attackers to inject DLLs into IE. "The third is a bypass for a previously released patch addressing a Windows permissions-overwrite, privilege-escalation flaw (CVE-2019-0841). The bug exists because Windows AppX Deployment Service (AppXSVC) improperly handles hard links," according to Threatpost.

The final flaw is an ‘installer bypass' issue with Windows Update.

"Figure out how this works for yourself. I can't be bothered. It's a really hard race, doubt anyone will be able to repro[duce it] anyway. Could be used with malware, you could programmatically trigger the rollback. Maybe you can even pass the silent flag to hide installer user interface and find another way to trigger rollback," SandboxEscaper writes on GitHub, adding that exploitation is based on "a really small timing window".

In her blog, SandboxEscaper also indicated that she was in the market to sell flaws to "people who hate the US", a move made in apparent response to FBI subpoenas against her Google account.
