loader gif

Two zero-days impacting Microsoft products published on GitHub

Two zero-days impacting Microsoft products published on GitHub
  • SandboxEscaper uncovered a zero-day vulnerability in the Windows Error Reporting service dubbed ‘AngryPolarBearBug2’.
  • The researcher also published a demo exploit code for a zero-day vulnerability impacting Internet Explorer 11.

A security researcher who goes under the name ‘SandboxEscaper’ has published the demo exploit code for two Microsoft zero-day vulnerabilities.

The first vulnerability is found in the Windows Error Reporting service and the second vulnerability in Internet Explorer 11.

What is the AngryPolarBearBug2 vulnerability?

SandboxEscaper uncovered a zero-day vulnerability in the Windows Error Reporting service dubbed ‘AngryPolarBearBug2’.

  • The vulnerability can be exploited via a carefully placed DACL (discretionary access control list) operation.
  • Once exploited, it could allow an attacker to edit files.
  • However, the researcher noted that it takes over 15 mins for the bug to trigger.

Internet Explorer vulnerability

The researcher also published a demo exploit code for a zero-day vulnerability impacting Internet Explorer 11.

  • This zero-day vulnerability could allow attackers to inject malicious code in Internet Explorer.
  • Another security researcher who reviewed the exploit noted that this bug is not remotely exploitable and should be considered a low-impact issue.

SandboxEscaper promised to release two more Microsoft zero-day vulnerabilities in the coming days.

loader gif