Zero-Day Exploit Bears Its Teeth On Windows 10 And Server 2019
By: Jim Stickley and Tina Davis
June 8, 2019
Windows users, bear with us! There’s a new zero-day exploit on Windows 10 and Windows Server 2019. This means there is no patch available for it and that could mean trouble! A security researcher, who has found several zero-day vulnerabilities in Windows 10 lately, called SandboxEscaper published results of this latest one on GitHub for all to see. You can’t patch it yet, but you should be aware of it. It’s called ByeBear and could allow an attacker to get escalated privileges on your systems.
Hackers cannot get into a system using this bug. That’s the good news. But they can gain privileges once inside. So, be sure to remind users not to click on any links or attachments in email that have arrived unexpectedly, are from unknown senders, or just don’t seem 100% right. Often, phishing is how these vulnerabilities end up getting exploited. So keeping on top of phishing training and awareness is the best prevention.
Also, ensure all systems have the latest patches and are kept updated with the most current anti-malware and anti-virus software. Even though this bug isn’t fixed yet, others that SandboxEscaper has detailed are being patched with Microsoft’s next Patch Tuesday release on June 11. So apply those as soon as possible once they are available.