Patient Zero

 In ITC's Threat of the Week

Have you heard of the mystery hacker SandboxEscaper?

To refresh your memories, SandboxEscaper is an avid Windows enthusiast, as in breaking Windows.

SbE (that is what we will call the hacking entity going forwards, to save ink, trees etc.) has a notorious history of releasing zero-day exploits for Windows, which we have reported on more than one occasion.

If you are a follower of SbE on social media or platforms such as Reddit, it will come as no surprise to you that we struggle with any identification or pronoun. However, there is no doubt whatsoever that they are extra specially smart and have it in for Microsoft, or at the very least Microsoft’s disclosure policy.

This week SbE has been extra specially busy, announcing three zero-day vulnerabilities, previously incorrectly reported as four (one turned out to be a known and patched issue). SbE doesn’t mess about when it announces these zero-days: it publishes proof-of-concept code. We have tested two of them at the time of going to press. They work.

Bug reporting, especially for zero-days, is a funny old game. The Zero-Day Initiative and others have done good work to move this forward, but it really isn’t enough. Bug bounties do not in any way match the potential damage for even one customer of a vendor like, ermmm, Microsoft.

As usual, we would encourage you to prioritise your patching. Have a really good look at these zero-days and evaluate the risk they might represent to your organisation. If you would like some support with this, contact our fabulous cyber team at: [email protected] or call 020 7517 3900. A security blanket like (almost) no other.

As Theresa May (the daughter of a preacher man) announces her ‘stepping down’, the volatility of the soon-to-be Un-United Kingdom is ripe for exploitation by third parties and their botnet armies. Not much we can do about this other than to advise people not to believe everything they see online or in the press.

Enjoy the Bank Holiday.

Author: Kevin Whelan
