Security Alerts Microsoft 0-Day Vulnerabilities

Thursday, May 23, 2019

Three 0-day vulnerabilities in Microsoft Windows have been publicly disclosed over the past 24 hours by anonymous hacker “SandboxEscaper”. The first vulnerability was published on GitHub with a Proof-of-concept (PoC) video that highlights a privilege escalation issue that could allow a local attacker or malware to run code with administrative system privileges on the targeted machines, eventually allowing the attacker to gain full control of the machine. The vulnerability resides in Tash Scheduler, a utility that enables Windows users to schedule the launch of programs or scripts at a predefined time or after specified time intervals.

The second vulnerability affects Microsoft Windows Error Reporting service which could allow an attacker the ability to delete or edit any Windows file, including system executables, which otherwise only a privileged user can do. Given the name AngryPolarBearBug2, the vulnerability is a successor to a previous Windows Error Reporting service vulnerability found late last year, which was named AngryPolarBearBug and allowed a local, unprivileged attacker to overwrite any chosen file on the system.

The third and final vulnerability affects Microsoft’s Internet Explorer 11 and although the details about this flaw are unknown, it could allow an attacker to bypass IE Protected mode and execute arbitrary code with Medium integrity permissions due to the way the browser handles a maliciously crafted DLL file. There are currently no patches for these vulnerabilities and no known cases of these being exploited in the wild, users can expect to see patches from Microsoft in next month’s patch Tuesday.