SandboxEscaper is back with another new zero-day exploit called ByeBear. Just like last time, the developer didn’t bother to inform Microsoft about the bug.
In May 2019, SandboxEscaper published a total of four Windows exploits in a day. One of them was implemented to bypass a security patch released to fix the LPE vulnerability (CVE-2019-0841).
The developer published this new zero-day exploit to bypass an old patch aimed at fixing an elevation of privilege issue.
Microsoft released a patch to address the vulnerability but SandboxEscaper found a new way to bypass Microsoft’s security patch.
The new exploit can help a threat actor to take advantage of the flaw. An attacker can even take control of your system by using a malicious app to bypass system privileges.
SandboxEscaper discussed the intensity of the bug saying that:
This bug is most definitely not restricted to the edge. This will be triggered with other packages too. So you can definitely figure out a way to trigger this bug silently without having edge pop up. Or you could probably minimize edge as soon as it launches and closes it as soon as the bug completes.
In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network. Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.
There is a workaround that you can use
SandboxEscaper suggested a possible workaround that can be used to bypass the patch. The developer explained on GitHub that she has already worked to exploit Microsoft Edge. According to the developer, a threat actor can implement the exploit by removing folders and files within:
Don’t forget to launch Microsoft Edge twice at the end.
If we look back, SandboxEscaper has always discovered flaws in Windows before Microsoft even knew about them. She never informed Microsoft before publishing them online.
Microsoft should collaborate with SandboxEscaper to fix numerous security flaws that exist within Windows 10. This collaboration can be a fruitful one in the long run.