DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 30, 2020 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 173 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Exploit code for three Windows 0-day bugs get published online

Posted on Thursday, May 23 2019 @ 14:03:43 CEST by


MSFT logo
Over the last couple of days, a hacker only known as SandboxEscaper published exploit code for three unfixed bugs that can be used to attack fully patched Windows 10 systems. This is the seventh time SandboxEscaper has dropped exploit code over the past year.

One of the bugs is a local privilege escalation vulnerability in the Windows Task Scheduler, it allows a hacker to gain SYSTEM level privileges. The second flaw enables unauthorized file modifications via an exploit in the Windows Error Reporting service. Next there's also a vulnerability in Internet Explorer 11 that enables the execution of JavaScript code with higher system access than normally permitted by the browser's sandbox.
Like the other exploits SandboxEscaper has published over the past year—including this one Ars covered last August and this one from last October—the three recent ones don’t allow attackers to remotely execute malicious code. Still, as security defenses in recent versions of Windows and other operating systems have improved, the value of these types of exploits has grown, since they are often the only way to bypass security sandboxes and similar protections. Despite some limitations in the exploit that were transparently noted by SandBoxEscaper, the disclosures are significant if they work as purported against fully patched versions of Windows 10.
Via: ARS Technia



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2020 DM Media Group bvba