[ Dec 21, 2018 ]
A security researcher with the Twitter alias SandboxEscaper today released a proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows operating system.
SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to hackers until Microsoft patched them.
The newly disclosed, unpatched Windows zero-day vulnerability is an arbitrary file read issue that could allow a low-privileged user or a malicious program to read the content of any file on a targeted Windows computer, something that would otherwise be possible only with administrator-level privileges.
Besides sharing a video demonstration of the vulnerability, SandboxEscaper also posted a link to a GitHub page hosting the proof-of-concept (PoC) exploit for the third Windows zero-day vulnerability, but the researcher’s GitHub account has since been taken down.
Cyber Security Tips:
- Microsoft addressed the vulnerability in the September 2018 Patch Tuesday security updates.
- Users are strongly advised to apply all security patches as soon as possible to keep hackers and cybercriminals from taking control of their computers.
- To install security updates, go directly to Settings → Update & security → Windows Update → Check for updates, or install the updates manually.