Two more Microsoft zero-days uploaded on GitHub

A security researcher going online by the pseudonym of SandboxEscaper has published today demo exploit code for two more Microsoft zero-days after releasing a similar fully-working exploit the day before.

These two mark the sixth and seventh zero-days impacting Microsoft products this security researcher has published in the past ten months, with the first four being released last year, and three over the past two days.

Windows Error Reporting zero-day

The first of the two new zero-days is a vulnerability in the Windows Error Reporting service that SandboxEscaper said it can be exploited via a carefully placed DACL (discretionary access control list) operation.

The researcher named this bug “AngryPolarBearBug2” after a similar zero-day she discovered in the same Windows Error Reporting service last December, and named “AngryPolarBearBug.”

The good news is that this zero-day is not as easy to exploit as the last. “It can take upwards of 15 minutes for the bug to trigger,” SandboxEscaper said.

Once exploited, the zero-day should grant an attacker access to edit files they normally couldn’t. In other words, it’s a local privilege escalation issue, but as SandboxEscaper puts it: “not that much of an issue.”

IE11 zero-day

The second of the Microsoft zero-days that SandboxEscaper published today is one impacting Internet Explorer 11.

Besides the exploit’s source code and a short demo video, only a three-line summary is available for this zero-day.

Per SandboxEscaper, this vulnerability should allow attackers to inject malicious code in Internet Explorer. According to a security researcher who reviewed the exploit for ZDNet, this zero-day is not remotely exploitable, but can only be used to neuter security protections in IE for subsequent attacks, and should be considered a low-impact issue.

Today’s releases come after yesterday, the researcher published proof-of-concept code for another Windows zero-day, a local privilege escalation in the Windows Task Scheduler process.

SandboxEscaper’s list of 2018 zero-days include:

– LPE in Advanced Local Procedure Call (ALPC)
– LPE in Microsoft Data Sharing (dssvc.dll)
– LPE in ReadFile
– LPE in the Windows Error Reporting (WER) system

On her personal blog, the researcher promised to release two more zero-days impacting Microsoft products in the coming days.

More vulnerability reports:

• Windows 10 zero-day exploit code released online
• Google to replace faulty Titan security keys
• A large chunk of Ethereum clients remain unpatched
• Intel CPUs impacted by new Zombieload side-channel attack
• Patch status for the new MDS attacks against Intel CPUs
• Root account misconfigurations found in 20% of top 1,000 Docker containers
• KRACK attack: Here’s how companies are responding CNET
• Top 10 app vulnerabilities: Unpatched plugins and extensions dominate TechRepublic

Article source: https://www.zdnet.com/article/two-more-microsoft-zero-days-uploaded-on-github/#ftag=RSSbaffb68