CyberNews Briefs

Two More Zero-Day Vulnerabilities Released for Windows

Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult to exploit.

By releasing these flaws before a patch has been developed, SandboxEscaper is putting Windows users at risk of attack. When releasing the first flaw earlier this week, she already mentioned that she had found 4 more zero days and offered these for sale to “non-western people” for a minimum of $60,000. When releasing the additional two vulnerabilities, the exploit developer didn’t mention if she would release the remaining two as well. SandboxEscaper seems to be motivated by a deep loathing for the security industry and the western world. She criticized the industry in her latest message and said that she didn’t plan to make a career in it.

Read more: Two More Zero-Day Vulnerabilities Released for Windows

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.