Researcher Released Two Zero-day Vulnerabilities for Windows
SandboxEscaper Released Two Zero-day Vulnerabilities for Microsoft Windows 10
First, he released exploit code for a local privilege escalation that uses the Windows 10 Task Scheduler. This flaw allows an attacker to gain access to files that the user would not otherwise have access to.
After this, SandboxEscaper published another two zero-day vulnerabilities: a local privilege escalation vulnerability in Windows Error Reporting and a sandbox escape vulnerability for Internet Explorer 11.
Windows Error Reporting LPE bug
This local privilege escalation bug is also known as AngryPolarBearBug2, and it exploits a bug in the Windows Error Reporting system of Windows 10. This zero-day works by exploiting a race condition between two function calls in order to create a hardlink with elevated permissions to a file of the attacker's choice. This could allow the attacker to modify or delete a file they do not normally have access to.
According to the PoC published by SandboxEscaper, when the exploit succeeds it will make C:\Windows\System32\drivers\pci.sys writable by a non-admin.
The one mitigating point in the researcher's notes for this bug is that the vulnerability is hard to exploit: it may take up to 15 minutes for the exploit to trigger, and even then it may not work.
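A defender-side check for the effect described above, as an added example that is not part of the original article or the researcher's PoC: it reads the ACL of pci.sys and reports any allow entry that grants write-class rights to an account outside an assumed set of privileged SIDs. The trusted-SID list and all variable names are assumptions made for this example.

```powershell
# Added example: audit the DACL and owner of the file the article says the PoC makes writable.
$Path = 'C:\Windows\System32\drivers\pci.sys'

# Assumption: only these well-known SIDs should hold write-class rights on a system driver.
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that let a principal change the file's contents or its protection.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Fsr'Write, Delete, ChangePermissions, TakeOwnership') `
    -bor 0x40000000 `   # GENERIC_WRITE, stored unmapped in some ACEs
    -bor 0x10000000     # GENERIC_ALL

$SidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $Path

# Explicit and inherited rules, with identities returned as SIDs so the
# comparison does not depend on localized account names.
$findings = foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $rights = [int]$rule.FileSystemRights
    if (($rights -band $WriteMask) -eq 0) { continue }
    $sid = $rule.IdentityReference.Value
    if ($TrustedSids -contains $sid) { continue }
    [pscustomobject]@{
        Sid       = $sid
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

# An owner outside the trusted set can rewrite the DACL, so report that as well.
$ownerSid = $acl.GetOwner($SidType).Value
if ($TrustedSids -notcontains $ownerSid) {
    Write-Warning "Unexpected owner on ${Path}: $ownerSid"
}

if ($findings) {
    Write-Warning "Write-capable ACEs for non-privileged principals on ${Path}:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No unexpected write-capable ACEs on $Path"
}
```

The same loop can be pointed at other protected files by changing `$Path`; a finding here shows only the end state of a permission change, not which process caused it.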
"The race condition is incredibly hard to win. I haven't tested on another setup.. but you definitely need multiple processor cores and you may have to wait minutes for it to work (It can take a really long time.. ). Anyway... in an LPE scenario time is not that much of an issue."
Sandbox Escape Vulnerability for Internet Explorer 11
At the time of writing, there is no patch available for these vulnerabilities, and users have to wait for Microsoft to release one. Microsoft may release patches for these flaws in upcoming security updates, or they may be released as emergency updates.