Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw


An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system.

SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half a dozen zero-day vulnerabilities in Windows OS without actually bothering to make Microsoft aware of the issues first.

Just two weeks ago, the hacker disclosed four new Windows exploits, one of which was an exploit that could allow attackers to bypass a patched elevation of privilege vulnerability (CVE-2019-0841) in Windows that existed when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.

Read more…
Source:  The Hacker News