SandboxEscaper Debuts ByeBear Windows Patch Bypass
Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The new exploit is a second bypass for that same patch.
According to Microsoft, exploiting CVE-2019-0841 requires a threat actor “to log on to the system,” and to subsequently “run a specially crafted application that could exploit the vulnerability and take control of an affected system.” In past communications, SandboxEscaper has expressed a deep loathing of the infosec industry and has offered to sell zero-day exploits to “non-western” buyers. By acting against established conventions for responsible disclosure, she is putting Windows users at risk.