720-891-1663
Return to the list of client alerts
The bug hunter known as Sandbox Escaper, who seems, for the most part to be off his/her meds, has released yet another Zero-Day, this time for Windows 10 and the related server versions and has published exploit code on Github. Even if Microsoft, which owns Github, takes it down, there are so many other ways to get the code out, that stopping it that way won’t work.
The exploit allows a normal user – such as a piece of malware operating under the user’s credentials – to become a superuser. DHS/CERT verified that the exploit works on fully patched Windows 10 and Server 2016/2019 systems.
There is even a video of the exploit in action.
There is no patch for this.
He/She (it is not clear which on Sandbox Escaper prefers) has an ongoing vendetta against Microsoft for something they did to him/her.
He/She says that there are more where this one came from – at least four more. At least.
For now, the best you can do is increase your alert status, but this is a bit worrisome since Sandbox Escaper released the exploit code.
He/She is willing to sell these new zero-days — just not to western governments. NICE!
Source: The Register.