CyberNews Briefs

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

As part of Patch Tuesday, Microsoft has issued fixed for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May.

  • CVE-2019-1069 – A local privilege escalation (LPE) flaw affecting Windows Task Scheduler
  • CVE-2019-1053 – A sandbox escape for Internet Explorer 11
  • CVE-2019-1064 – A bypass of the CVE-2019-0841 patch
  • CVE-2019-0973 – An LPE targeting the Windows Installer folder

A fifth zero-day released by SandboxEscaper remains unpatched for now because Microsoft wasn’t able to develop a fix in time. This bug is another CVE-2019-0841 bypass.

Read more: Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.