HomeWinBuzzer NewsMicrosoft Fixes Four of SandboxEscaper Disclosed Exploits During Patch Tuesday

Microsoft Fixes Four of SandboxEscaper Disclosed Exploits During Patch Tuesday

Unfortunately, a patch for the fifth zero-day published by SandboxEscaper will not arrive until later, Microsoft confirmed.


Over the last few months, guerilla developer SandboxEscaper has been frustrating . She has been publishing details of privilege escalation exploits in Windows. While disclosing vulnerabilities is not bad, SandboxEscaper has not been respecting the typical 90-day process.

If you are unfamiliar with that 90-day window, it is something most the tech companies adhere to. It is used by Project Zero, for example. When a bug is found in a software, the party that discovered it warns the software creator, who then has 90 days to issue a fix.

SandboxEscaper has been avoiding telling Microsoft about the flaws she has found. Instead, the company only finds out about the flaws when they are published. That leaves Microsoft scrambling to develop a fix for an exploit that is now actively in the wild.

To Microsoft's credit, it has worked quick and yesterday issued four patches for five of the exploits SandboxEscaper has recently sent out.

Exploit CVE Description
BearLPE CVE-2019-1069  LPE exploit in the Windows Task Scheduler process
SandboxEscape CVE-2019-1053 Sandbox escape for Internet Explorer 11
CVE-2019-0841-BYPASS CVE-2019-1064 Bypass of the CVE-2019-0841 patch
InstallerBypass CVE-2019-0973 LPE targeting the Windows Installer folder


Microsoft confirmed it was unable to roll out the fifth fix in time for yesterday's cumulative updates. Overall, the company patched 88 issues during Patch Tuesday, with 21 described as critical.

Publishing Zero Days

Last month, we reported on a Windows zero-day vulnerability that had been published online by security researcher SandboxEscaper. Problematically, she published the demo exploit code without notifying Microsoft first. A day later, the guerilla developer published another two zero-day exploits.

One of those vulnerabilities was called “AngryPolarBearBug2”, a problem that affects Windows Error Reporting on Microsoft's platform. SandboxEscaper says “It can take upwards of 15 minutes for the bug to trigger,” SandboxEscaper said.

Elsewhere, the researcher describes another vulnerability that is affecting the legacy Internet Explorer 11 browser. SandboxEscaper published the code and a demo video for the zero-day.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News