Four New Microsoft Zero-Day Vulnerabilities Disclosed

Four new zero-day vulnerabilities have been publicly exposed after a researcher, known as SandboxEscaper, released proof-of-concept (PoC) exploits within the last week. All four vulnerabilities are privilege escalation flaws that potentially allow a threat actor to gain full control over files and operating systems. A recently patched vulnerability, CVE-2019-0841, is bypassed in one of the PoC exploits. Though these vulnerabilities have high severity scores, they are not considered critical due to the difficulty of successful exploitation. The NJCCIC recommends users download security updates from Microsoft as they become available. Users can refer to the BleepingComputer article for more information.