Researcher publishes Windows zero-days for the third day in a row
On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft.
One of the new flaws is a local privilege escalation vulnerability, while the other could allow attackers with low privileges in a compromised system to drop malware in unauthorized locations. SandboxEscaper mentioned earlier this week that she found a total of 5 exploits and now confirmed that all of them have been released. By acting against established conventions for responsible disclosure, SandboxEscaper is putting Windows users at risk.