Hacker reveals second Zero-Day that bypasses patch for Windows EoP flaw

An anonymous security researcher called SandboxEscaper has publicly shared a second zero-day exploit that bypasses a recently patched vulnerability in the Microsoft Windows operating system.

Dubbed ByeBear, the new exploit abuses Microsoft Edge browser to write discretionary access control list (DACL) as SYSTEM privilege.

“It’s going to increase the thread priority to increase our odds of winning the race condition that this exploits. If your VM freezes, it means you either have 1 core or set your VM to have multiple processors instead of multiple cores… which will also cause it to lock up,” the researcher said.

This bug is most definitely not restricted to the edge. This will be triggered with other packages too. So you can definitely figure out a way to trigger this bug silently without having edge pop up. Or you could probably minimize edge as soon as it launches and closes it as soon as the bug completes,” he added.