A vulnerability researcher published four previously unreported flaws in Microsoft Windows over three days this week, flaws that could allow a local user to escalate their rights on a compromised system to that of an administrator.
Exploits for the four flaws — plus a fifth vulnerability that Microsoft fixed last week — were posted by the researcher to a GitHub repository using the name SandboxEscaper. The researcher, who has published working zero-day attacks for legitimate vulnerabilities in the past, posted the first exploit on Tuesday, May 21, with two more exploits published on each of the next two days.
Leave a reply