A serial publisher of Microsoft zeroday vulnerabilities has dropped exploit code for three more unpatched flaws, marking the seventh time the unknown person has done so in the past year.
Technical details of the vulnerabilities, along with working proof-of-concept exploits, are the work of someone using the moniker SandBoxEscaper. A local privilege-escalation vulnerability in the Windows Task Scheduler that was disclosed on Tuesday allows an authenticated attacker to gain SYSTEM privileges on an affected system. On Thursday, the person released a privilege escalation code that exploits a bug in the Windows Error Reporting service.
