When fifth Zero-day vulnerability with Window in the Task Scheduler utility was found and taken care of, SandboxEscaper claimed about multiple vulnerabilities, two of which that include Microsoft’s Windows Error Reporting service and the 11th version of the Internet Explorer web browser has already been released to public. Let’s discuss the both in somewhat detail:
Microsoft Windows Error Reporting service
Vulnerability has been detected to the Microsoft Windows Error Reporting service, is misused by Cyber crooks by using DACL or Discretionary access control list operating principle. The Vulnerability AngryPolarBearBug2 allows managing of the files and documents located on Windows computer system. The vulnerability can run also malicious processes.
AngryPolarBearBug2 vulnerability is almost similar to that of its predecessor which was detected last year. The name AngryPolarBearBug2 vulnerability to this one also derived from the previous vulnerability AngryPolarBearBug which permitted Cybercriminals to access the targeted system and rewrite any type of file located on the system. Palo Alto’s security researcher however claimed that this AngryPolarBearBug2 flaw has been patched.
Flaw in 11th update of Internet Explorer
This bug is explained in details in a video released by Microsoft’s browser application. This zero day vulnerability appears when a malware-ladden DLL or Data Link Library file is launched on the web browser. This allows the attackers to overrun the protection Sandbox section on the Internet Explorer and launch malicious code. This helps in getting the integrity permission. Researchers said this however not a big issue but recommended fixing it soon. This patch will release on 11th of June by this year.
Other two vulnerabilities
For the other two exploits that have not yet patched, SandboxEscaper has already released PoC exploits. Out of the total four flaws, the first one is patched as the Microsoft has released for the CVE-2019-084 flaw or AngryPolarBearBug2 vulnerability. One that the 11th vulnerability as it discuss will be patched- Microsoft is going to release the patch on the data 11th of June.
Talking of the other two unpatched vulnerabilities, SandboxEscaper has released video based instructions for the patch. However, these video clips haven’t yet confirmed by CyberSecurity experts.