In Windows there is a Zero-Day-Exploit, which allows you to overwrite files without permission. 0patch provides a temporary micro-patch for this bug after Microsoft did not patch it in January 2019.
At the end of the year a new 0-Day bug in Windows has became known by a hacker using the alias SandboxEscaper. The vulnerability allows attackers to overwrite files (see my blog post Windows 10: 0-day bug enabled file overwrite).
We have just issued a micropatch for SandboxEscaper’s #angrypolarbearbug 0day. The vulnerability allows a low-privileged user to have any file overwritten with the content of a Windows Error Reporting XML file. This could potentially lead to arbitrary code execution as SYSTEM. pic.twitter.com/KWzJ1nUNIo
— 0patch (@0patch) 17. Januar 2019