Serial publisher of Windows 0-days drops exploits for 2 more unfixed flaws

by
Dan Goodin
from Ars Technica - All content on (#4FPCS)
windows-0day-demo-800x462.jpg

Enlarge (credit: SandboxEscaper)

Update: One of the two exploits published on Wednesday has now been confirmed to exploit a Windows vulnerability that Microsoft patched in this month's Update Tuesday release cycle. The flaw involving the Windows Error Reporting service was previously described as CVE-2019-0863, Gal De Leon, the researcher Microsoft credited with discovering the vulnerability, said on Twitter. Researchers with "micropatching" service 0patch have confirmed that the other exploit published on Wednesday, an IE 11 sandbox bypass, does indeed work on a fully patched Windows 10 system.

The headline of this post has been changed to reflect this new information. What follows is the story as it appeared earlier, with the exception of the last paragraph, which has also been changed to reflect the new information.

A serial publisher of Microsoft zeroday vulnerabilities has dropped exploit code for three more unpatched flaws, marking the seventh time the unknown person has done so in the past year.

Read 7 remaining paragraphs | Comments

index?i=p61seJSFPNY:7hiPscBQOhg:V_sGLiPB index?i=p61seJSFPNY:7hiPscBQOhg:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments