Home > News content

Sandbox Escaper, a female hacker, exposed four Windows 10-day vulnerabilities (figure)

via:cnBeta.COM     time:2019/5/24 16:36:51     readed:110


According to her blog content, she hopes to sell the vulnerabilities she found to those who "hate the United States," apparently in retaliation for the FBI's subpoena on her Google account. GitHub proof-of-concepts includes threeWindowsLocal privilege escalation (LPE) security vulnerabilities and a sandbox escape vulnerability in IE 11 browser. However, one of the LPE vulnerabilities has been fixed in this month's patch Tuesday campaign.

Among the three unfixed zero-day vulnerabilities, the most serious one is the one numbered CVE-2019-0863, which is an LPE vulnerability for Windows Error Reporting service. It scored 7.8 points (high) in the CVSS 3.0 severity score.

Related articles:

New Windows 100day vulnerabilities are maliciously exposed by hackers

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments