A notorious Windows exploit developer known by the moniker SandboxEscaper has released a new exploit that allows users with limited privileges to obtain complete control over files that can otherwise only be altered by admin accounts and system processes. The zero-day flaw affects the Task Scheduler utility and is relatively easy to exploit.
The exploit is already the fifth Windows zero-day released by SandboxEscaper since August 2018. The exploit developer claims she found three more local privilege escalation exploits for Windows as well as a sandbox escape, and is offering these for sale to “non-western people” for a minimum of $60,000. “I don’t owe society a single thing. Just want to get rich and give you *** in the west the middlefinger,” SandboxEscaper’s blog reads.
Read more: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler