Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult to exploit.
By releasing these flaws before a patch has been developed, SandboxEscaper is putting Windows users at risk of attack. When releasing the first flaw earlier this week, she already mentioned that she had found 4 more zero days and offered these for sale to “non-western people” for a minimum of $60,000. When releasing the additional two vulnerabilities, the exploit developer didn’t mention if she would release the remaining two as well. SandboxEscaper seems to be motivated by a deep loathing for the security industry and the western world. She criticized the industry in her latest message and said that she didn’t plan to make a career in it.
Read more: Two More Zero-Day Vulnerabilities Released for Windows