Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days
As part of Patch Tuesday, Microsoft has issued fixed for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May.
- CVE-2019-1069 – A local privilege escalation (LPE) flaw affecting Windows Task Scheduler
- CVE-2019-1053 – A sandbox escape for Internet Explorer 11
- CVE-2019-1064 – A bypass of the CVE-2019-0841 patch
- CVE-2019-0973 – An LPE targeting the Windows Installer folder
A fifth zero-day released by SandboxEscaper remains unpatched for now because Microsoft wasn’t able to develop a fix in time. This bug is another CVE-2019-0841 bypass.