Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities.
The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11.
Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs, exploits for two has now been publicly released.
AngryPolarBearBug2 Windows Bug
One of the latest Microsoft zero-day vulnerabilities resides in the Windows Error Reporting service that can be exploited using a discretionary access control list (DACL) operation—a mechanism that identifies users and groups that are assigned or denied access permissions to a securable object.
Upon successful exploitation, an attacker can delete or edit any Windows file, including system executables, which otherwise only a privileged user can do.
Dubbed AngryPolarBearBug2 by the hacker, the vulnerability is a successor to a previous Windows Error Reporting service vulnerability she found late last year, which was named AngryPolarBearBug and allowed a local, unprivileged attacker to overwrite any chosen file on the system.
However, as SandboxEscaper says, this vulnerability is not very easy to exploit, and it “can take upwards of 15 minutes for the bug to trigger.”
“I guess a more determined attacker might be able to make it more reliable,” the hacker said. “It is just an insanely small window in which we can win our race; I wasn’t even sure if I could ever exploit it at all.”
images from Hacker News