Hacker revealed the second Zero-Day, broke Windows' EoP vulnerability patch

A security researcher with a nickname SandboxEscaper recently publicly shared a second zero-day exploit, which can be used to break up an advanced security patch for a privileged vulnerability that is only currently available. Here in Microsoft Windows operating system.

Hacker revealed the second Zero-Day, broke Windows' EoP vulnerability patch

A security researcher with a nickname SandboxEscaper recently publicly shared a second zero-day exploit, which can be used to break up an advanced security patch for a privileged vulnerability that is only currently available. Here in Microsoft Windows operating system.

Microsoft Azure is being used to host malware and C2 servers

SandboxEscaper is one of the most famous hackers in hunting for vulnerabilities on Windows. This security researcher has repeatedly published zero-day exploits towards unpatched Windows vulnerabilities. In 2018 alone, SandboxEscaper revealed a total of more than half a dozen zero-day vulnerabilities in the Windows operating system without really bothering to tell Microsoft about the product's problems in advance. they.

Hacker revealed the second Zero-Day, broke Windows' EoP vulnerability patch Picture 1

GoldBrute botnet campaign is trying to hack 1.5 million RDP servers worldwide

In just two weeks ago, SandboxEscaper revealed four new exploits of Windows exploits, one of which exploits could allow an attacker to bypass an advanced security patch for privileged vulnerabilities (CVE-2019-0841). ) in Windows, exists when Windows AppX Deployment Service (AppXSVC) handles hard links incorrectly.

Now, the hacker once again claims to have found a new way to bypass the security patch Microsoft released for the same vulnerability, allowing a malicious application specifically designed to automatically escalates privileges for itself, and eventually takes complete control of the targeted Windows computer even though the system has been updated to the latest Microsoft patch.

Microsoft rushed to release security updates for Windows XP, Server 2003

This new exploit is named ByeBear, and as you can see in the demo video above, ByeBear will abuse the Microsoft Edge browser to write an optional access control list (DACL) as a system privilege (SYSTEM privilege).

The next patch for the flaw is likely to be released by Microsoft according to the Tuesday update schedule, scheduled for June 11. Please wait and see if the Windows team has acknowledged that their system had problems in the previous 4 exploits, and whether they can provide a specific security fix to resolve this vulnerability neatly. is not.

Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version
microsoft has announced a new windows emergency patch, aimed at patching more than 90 security flaws, including two vulnerabilities used in direct attacks. every windows is affected, please update your operating system now.
Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
microsoft has just released security updates to fix a high-severity zero-day vulnerability in windows.
Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
apple has simultaneously released new versions of their software to update features, fix bugs and patch security holes.
Microsoft urges Admin to patch PowerShell vulnerability on Windows
microsoft has just asked for it admins of organizations and businesses to immediately patch the vulnerability in powershell 7. the reason is that this vulnerability allows hackers to bypass windows defender application control (wdac) enforcement measures.
Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
the emergency patch was released by microsoft just days after it released patch tuesday's update in october.
GitLab patches critical vulnerability that allows hackers to take control of accounts
gitlab has just resolved a critical vulnerability that could allow hackers to take over users' accounts with hard-coded passwords. it is worth mentioning here that the hacker can perform the attack remotely.
Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
patch tuesday's security update by windows 10 this month fixes a fairly serious security hole.
Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
apple has just released a security update to patch two zero-day vulnerabilities. in it, one has been made public and another is being exploited by hackers to penetrate iphones and macs. these are the first zero-day vulnerabilities that apple will patch in 2022.
Microsoft released an emergency patch for Windows, turned off the Specter patch, causing a drop in system performance
microsoft's newly released emergency update for windows has removed the patch for two serious vulnerabilities specter and meltdown released since the beginning of the month.
Google has reported a zero-day vulnerability that has just appeared in Windows 7, Microsoft has not yet released a patch
according to google's disclosure in a blog post on march 7, 2019, microsoft seems to be having a problem with a zero-day vulnerability in windows 7 that has yet to release a thorough patch.
Warning of dangerous Spring4Shell vulnerability, there are signs of scanning and exploiting
spring has just released an urgent update to patch the spring4shell remote code execution zero-day vulnerability. information about this vulnerability was leaked on the internet before the patch was released.
Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
a group of free security researchers recently announced the zero-day vulnerability in the dropbox version of the windows app.