On Windows a new series of vulnerabilities that allows access to the system. A user under the pseudonym SandBoxEscaper submitted exploits for three breaches at once. The first allows you to elevate user privileges in the system using the task scheduler. For an authorized user, it is possible to elevate rights to system ones.
The second flaw affects the error reporting service in Windows. This allows attackers to use it to modify files that are normally inaccessible. Finally, the third exploit exploits a vulnerability in Internet Explorer 11. It can be used to execute JavaScript code with a higher level of privileges than usual.
And although all these exploits require direct access to a PC, the very fact that there are gaps is alarming. They are especially dangerous if the user becomes a victim of phishing or other similar methods of online fraud.
At the same time, it is noted that an independent check of exploits showed that they work in 32-bit and 64-bit versions of the OS. Recall that back in March, Google reported that a privilege escalation vulnerability in older versions of Windows was implemented using the Chrome browser.
Microsoft has not yet commented on the information, so it is not clear when the patch will appear. It is assumed that an official statement from Redmond will come in the coming days, so all that remains is to wait.
Source: 3dnews.ru