David Xanatos informed me that he released a major update for Sandboxie, version v0.5.5 / 5.46.4, on GitHub on January 19, 2021. Here is some information about it.
The history
Sandboxie was developed by Sophos for application virtualization and later released as open source (see also Sandboxie is now Open Source and this GitHub project). Sophos acquired Sandboxie from Invincea, which had previously acquired it from the original author, Ronen Tzur. It is a sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. David Xanatos took the released source code and developed it further as a fork. The project is available on the GitHub Sandboxie page.
Sandboxie v0.5.5 / 5.46.4
David writes: There is a new major update of Sandboxie: Sandboxie v0.5.5. In this and the previous build (Sandboxie v0.5.4c) from last week some vulnerabilities have been fixed:
- fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation
- fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
- fixed issue allowing to bypass the registry isolation, present since Windows 10 Creators Update
There are also some changes:
- Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens, with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
- added print spooler filter to prevent printers from being set up outside the sandbox
So, among other things, some rather rough blunders from the Sophos days have been fixed. Setting up processes with system rights outside the sandbox is a nasty one, as is unfiltered access to the registry. David comments: It would therefore be highly advisable for all users to update their installation quickly.
Other news
There is now a dedicated homepage Sandboxie-Plus.com which is also referenced by Sophos (sandboxie.com). And at wilderssecurity.com there is now a subforum for Sandboxie.
PS: And, as it should be, there is also a logo for the Sandboxie bugs.
What is Sandboxie?
Sandboxie is an application isolation program that allows you to run other software on Windows in a controlled environment. To do this, Sandboxie takes control when the application is installed and isolates all file and registry accesses and redirects them into separate files. Xanatos writes about this:
It creates a sandbox-like isolated operating environment where applications can be run or installed without permanently changing the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and surfing the Internet.
The isolation technology used by Sandboxie separates the programs installed in this way from the underlying operating system. This prevents unwanted changes from being made to personal data, programs and applications that are safely stored on the hard drive. Sandboxie therefore allows software to be tested and later uninstalled from the system without leaving any residue.