A security researcher going online by the pseudonym of SandboxEscaper today published demo exploit code for two more Microsoft zero-days, after releasing a similar fully-working exploit the day before[1].
These two mark the sixth and seventh zero-days impacting Microsoft products this security researcher has published in the past ten months, with the first four being released last year, and three over the past two days.
Windows Error Reporting zero-day
The first of the two new zero-days is a vulnerability in the Windows Error Reporting service that SandboxEscaper said can be exploited via a carefully placed DACL (discretionary access control list) operation.
The researcher named this bug "AngryPolarBearBug2[2]" after a similar zero-day she discovered in the same Windows Error Reporting service last December, and named "AngryPolarBearBug."
The good news is that this zero-day is not as easy to exploit as the last. "It can take upwards of 15 minutes for the bug to trigger," SandboxEscaper said.
Once exploited, the zero-day should grant an attacker access to edit files they normally couldn't. In other words, it's a local privilege escalation issue, but as SandboxEscaper puts it: "not that much of an issue."
Unknown IE11 zero-day
The second of the Microsoft zero-days that SandboxEscaper published today is one impacting Internet Explorer 11[3].
Besides the exploit's source code and a short demo video, only a three-line summary is available for this zero-day.
Per SandboxEscaper, this vulnerability should allow attackers to inject malicious code in Internet Explorer. According to a security researcher who reviewed the exploit for ZDNet, this zero-day is not remotely exploitable, but can be used to neuter security protections in IE for subsequent attacks.
Today's releases come after yesterday,