Two zero-day exploits have been identified so far and four more are lined up in further exposé, per the latest details from the bug-hunter known as SandboxEscaper, who has made a name by scrutinizing potential security holes on Windows 10 and other Microsoft products. The revelation came just days after the release of Patch Tuesday security updates, indicating that a fix is unlikely to show up soon.
The usual security update cycle for Microsoft is every second Tuesday of the month so the threats accompanying these bugs will not be dealt with until June 11. Meanwhile, the same researcher has warned that more zero-days will be out in the open, tthat in the days ahead Windows 10 users will have to bear with risks while using the operating system.
One of the bugs was nicknamed by SandboxEscaper as AngryPolarBugs2 because it shares similarity with a zero-day that was published last December, ZDNet said. The two bugs are said to be vulnerabilities that reside in the Windows Error Reporting service. When used in an attack, any of the bugs will open a door for hackers to edit files.
But the good thing is, it will be tons of hard work to take advantage of the exploits, which SandboxEscaper as a non-issue for the most part.
The second zero-day has to do with the soon-to-retire Internet Explorer 11, which would be vulnerable to the injection of malicious code with the bug around. But according to the same ZDNet report, the bug cannot be exploited remotely hence it can be treated as a low-impact issue in the Windows environment.
To be clear though, low impact bugs or even flaws with potential for privilege escalations are long-regarded as normal occurrences in the Windows operating system. As the OS of choice by millions around the world, Windows is under constant threat of attacks while hackers are relentless in their pursuit to look for vulnerabilities.
Microsoft, however, is letting its guards down, The Register said in a related report. Aside from its monthly dispatch of security fixes the tech giant is always ready to release emergency patches when the situation calls for it. That should mean if any of the zero-days that SandboxEscaper has been identifying in the past morphed into a serious threat, the Windows maker will be on hand to thwart the attack.
The likely source of such an episode is when SandboxEscaper follows through on her warning that she might just sell the identified exploits if only to spite the West.
