SandboxEscaper Releases New Windows Zero-Day Exploit to Bypass Patched Flaw


A security researcher who goes by the online handle SandboxEscaper has disclosed a second zero-day exploit, dubbed ByeBear, that bypasses a recently patched elevation of privilege issue in the Windows OS.

In May, the same researcher disclosed four Windows zero-day exploits in 24 hours.

The flaw, tracked as CVE-2019-0841, could allow attackers to bypass an elevation of privilege issue in the Microsoft Windows operating system.

Microsoft has already patched the flaw, which occurs due to the way the Windows AppX Deployment Service (AppXSVC) handles hard links.

Now the researcher has disclosed a new exploit that bypasses the security patch Microsoft released for the same flaw.

A specially crafted application can be used to escalate its privileges and take complete control of the victim’s machine.

The researcher also shared a PoC video demonstrating the exploit.

The exploit abuses the Microsoft Edge browser, causing it to write the discretionary access control list (DACL) with SYSTEM privileges.

“This bug is most definitely not restricted to the edge. This will be triggered with other packages too. So you can definitely figure out a way to trigger this bug silently without having edge pop up. Or you could probably minimize edge as soon as it launches and closes it as soon as the bug completes.”

“I think it will also trigger by just launching edge once, but sometimes you may have to wait for a little. I didn’t do extensive testing…found this bug and quickly wrote up a PoC, took me like 2 hours total, finding LPEs is easy,” said SandboxEscaper.

Microsoft is expected to address this and the previous 4 exploits released by SandboxEscaper in the next Patch Tuesday update on June 11.
