The latest Windows 10 cumulative update that fixes four security vulnerabilities discovered by SandboxEscape

Windows zero day flaws

Microsoft has released this month’s Windows 10 routine cumulative update, which is mainly to resolve various vulnerabilities and known issues. According to Microsoft, this time, a total of 88 security vulnerabilities were fixed and 21 were critical vulnerabilities. We previously mentioned that a female hacker, SandboxEscape published a number of Windows zero-day vulnerabilities. Most of these zero-day vulnerabilities are sandbox escapes or privilege escalation.

Windows zero day flaws

Direct disclosure of vulnerabilities means that there may be potential hazards, and other hackers using these vulnerabilities to launch attacks may pose security problems for users. So public vulnerabilities make Microsoft very uncomfortable, but Microsoft can’t help it. It can only fix these security vulnerabilities silently every month when routine updates are released. For example, this month’s routine update has fixed four zero-day bugs announced by the female hacker. Fortunately, these zero-day vulnerabilities have not been exploited in the wild. Of course, now that the relationship between the two sides is so stiff, we can’t blame Microsoft for being stingy. Microsoft did not mention the name of the female hacker in the security bulletin corresponding to the vulnerability.

It is worth noting that this female hacker announced a total of five zero-day vulnerabilities during this time period. Microsoft will fix four of them this time. Given that the vulnerability has been made public by female hackers, it is still critical to fix it in time, because other hackers have begun to quietly exploit these vulnerabilities. Four vulnerabilities were fixed include:

  • CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability

  • CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability

  • CVE-2019-1064 | Windows Elevation of Privilege Vulnerability
  • CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability