Microsoft ends four of five zero-day threats discovered in Windows 10 and Windows 2019 Server

Four out of five

The most unique thing about SandboxEscaper is that had not been the protocol followed in these cases Instead of granting the grace period, three months, the hacker had announced to the public the existence of these vulnerabilities. The affected company, in this case Microsoft, had lost the privilege of being warned in advance and in secret to work on correcting the errors.

The truth is that against the clock and in full view of the entire world, the US company has managed to mitigate four of the five threats that had been discovered on that occasion:

Threat Name	CVE	Description
BearLPE	CVE-2019-1069	LPE explodes in Windows Task Scheduler process
SandboxEscape	CVE-2019-1053	SandboxEscape for Internet Explorer 11
CVE-2019-0841-BYPASS	CVE-2019-1064	Bypass patch CVE-2019-0841
InstallerBypass	CVE-2019-0973	LPE directed to the Windows Installer folder

Remember that these are Windows Local Privilege Escalation (LPE) security flaws CVE-2019-1069, CVE -2019-1064, CVE-2019-0973 and a vulnerability that affects Internet Explorer 11. In the case of the security bug CVE-2019-1053 that affects Internet Explorer (IE), it is a flaw that allows users to Attackers inject DLL into Microsoft browser. For its part, another of the failures is related to a previously published patch that affects a privilege defect and Windows permissions overwrite.

A fifth threat remains to be patched, but Microsoft has not had time to fix the bug as it was published by SandboxEscaper only a few years ago days. Therefore said patch is still pending to be released.

To access the new Microsoft security patches you must use the usual method. To do this, just go to Settings > Update and Security > Windows Update Here is the importance of keeping the operating system updated."

Via | ZDNet

Table of contents:

Four out of five

Editor's choice