Researcher publishes Windows zero-days for the third day in a row
A security researcher and exploit seller going by the name of SandboxEscaper has published today new Windows zero-days for the third day in a row.
On her GitHub account, the researcher published proof-of-concept code for two zero-days, but also short explainers on how to use the two exploits.
These two new exploits mark the seventh and eight zero-days the researcher has published in the last ten months. To summarize, over the course of the last three days, she also published:
- LPE exploit in the Windows Task Scheduler process [May 21]
- Sandbox escape for Internet Explorer 11 [May 22]
- an LPE in the Windows Error Reporting service [May 22] -- technically not a zero-day. It was revealed that Microsoft had already patched the issue before SandboxEscaper released her demo exploit code.