QuoVadis

Windows zero-day exploit gets temporary micropatch


During the last two weeks of December, a security enthusiast who uses the online handle SandboxEscaper released details and proof-of-concept exploit code for two privilege escalation vulnerabilities in Windows. Researchers from ACROS Security have released a temporary “micropatch” for one of them through 0patch, a service that provides in-memory binary patching for zero-day flaws, and they are currently testing a patch for the secondary issue as well.

 

One of SandboxEscaper’s vulnerabilities allows a low-privileged user to read any file on the system, including those belonging to other users. The exploit abuses a Windows feature called MsiAdvertiseProduct that performs operations with SYSTEM privileges, so it can lead to information disclosure, especially if attackers know the path to potentially sensitive files they can expose.

 

The second vulnerability is even more serious and allows low-privileged users to overwrite arbitrary files as SYSTEM, potentially leading to arbitrary code execution with the highest possible privilege. This flaw has been dubbed the AngryPolarBearBug and is the one that 0patch.com has released a micropatch for.

 

https://github.com/SandboxEscaper/randomrepo

 

https://www.techcentral.ie/windows-zero-day-exploit-gets-temporary-micropatch/

 
