Researcher Published Windows Zero-Days for the Third Day in a Row (May 23, 2019)
Another zero-day vulnerability, with associated Proof-of-Concept (POC) code, for the Windows operating system has been published to GitHub by the researcher known as “SandboxEscaper.” The vulnerability is a bypass for the patch Microsoft issued for “CVE-2019-0841,” a local privilege-escalation flaw that could allow a low-privileged user “to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file.” Because the bypass defeats the existing fix, a system that has applied the CVE-2019-0841 update remains exposed to the new POC until Microsoft issues a further update. Threat actors could exploit this vulnerability to overwrite or replace protected files and plant malware in folders they would not normally be able to write to.
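The symptom described above, a SYSTEM-owned file whose permissions have been rewritten so that a low-privileged user can modify it, is something a defender can look for directly. The following PowerShell function is an added example written for this page (it is not code from the original bulletin, from SandboxEscaper, or from Microsoft): it walks a directory tree, keeps only files owned by NT AUTHORITY\SYSTEM, and reports any Allow ACE that grants write-level rights to broad principals such as Everyone or BUILTIN\Users. The directory scanned and the list of “broad” principals are assumptions chosen for illustration; adjust both for your environment.

```powershell
# Added example, not part of the original bulletin.
# Flags SYSTEM-owned files whose DACL grants write-level access to broad principals,
# the post-condition an attacker is left with after "overwriting permissions" on a target.

function Find-WeakenedSystemFiles {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Principals that an ordinary, low-privileged interactive user is a member of.
        # This list is an assumption for the example; extend it for your domain groups.
        [string[]]$BroadPrincipals = @(
            'Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users',
            'NT AUTHORITY\INTERACTIVE'
        )
    )

    # Rights that let a principal change the file's contents, its DACL, or its owner.
    $fsr = [System.Security.AccessControl.FileSystemRights]
    $writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::WriteDAC -bor
                       $fsr::WriteOwner -bor $fsr::Delete)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        try {
            $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
        } catch {
            # Access denied on the ACL itself is not what we are hunting for; skip it.
            return
        }

        if ($acl.Owner -ne 'NT AUTHORITY\SYSTEM') { return }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Note: generic rights (e.g. GENERIC_ALL) are not decoded here and will not match.
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                File      = $file.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                # A non-inherited ACE on a SYSTEM-owned file is the more suspicious case.
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage (assumed location): scan a tree where SYSTEM-owned files are expected.
Find-WeakenedSystemFiles -Path "$env:ProgramData" |
    Sort-Object Inherited, File |
    Format-Table -AutoSize
```

Run it from an elevated prompt so Get-Acl can read every DACL, and treat results with Inherited = False as the ones to investigate first: an explicit ACE granting Everyone or Users write access on a file that SYSTEM owns is rarely legitimate. The check reports a condition, not the exploit itself, so a hit should be correlated with the file's modification time and with Windows security events for permission changes before it is treated as evidence of compromise.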
Recommendation: Threat actors of all levels of sophistication would be able to utilize the publicly available POC code, and because the POC bypasses the fix Microsoft already issued for CVE-2019-0841, having applied that patch does not by itself protect a system. It is crucial that your company have robust patch-maintenance policies in place so that the update Microsoft issues for this bypass is applied as soon as it is available. Until then, limit the exposure of the flaw by enforcing least privilege (the POC requires a local, low-privileged foothold) and by monitoring for unexpected permission changes on files owned by NT AUTHORITY\SYSTEM.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.