Attackers actively targeting Zerologon flaw, Microsoft warns
Security consultancy Acros Security has released a micropatch for Zerologon on its 0patch platform. The micropatch is particularly important for administrators with Windows Server 2008 R2 in their networks since that version of the operating system reached end-of-support in January and no longer receives official security updates.
BlueKeep RCE Flaw Gets Micropatch for Always-On Servers
Unlike Microsoft's security fix, 0patch's micropatch does not require rebooting and it targets a very specific audience, allowing administrators to patch systems that either can't be restarted or do not allow for Microsoft security fixes to be installed for various other reasons.
Third-Party Patch Released for Code Execution Flaw in OpenOffice
ACROS Security’s 0patch service has released an unofficial patch for OpenOffice to address this vulnerability. The micropatch can be applied to the latest version of OpenOffice for Windows. Micropatches have been released for LibreOffice as well.
A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document.
Security firm beats Adobe by patching reader flaw first
Adobe released a patch for the flaw yesterday, 12 February 2019, labelling the vulnerability CVE 2019-7089 as a critical data leakage issue. However, security firm Acros Security beat the software vendor to the punch by releasing its own patch on Monday.
Three Reasons You Shouldn’t Pay for Windows 7 Updates
There are other ways to fix possible vulnerabilities, including micro patches from 0patch. The company says it will continue to roll out Windows 7 updates as long as it makes sense from a business perspective.
Over the last five days, Acros experts have released three micropatches for the three Windows zero-days for which proof-of-concept (PoC) exploit code has been posted online, opening the window for possible real-world attacks against Windows users.
Unofficial Patches Released for Three Unfixed Windows Flaws
ACROS Security’s 0patch service has released unofficial patches for three Windows vulnerabilities that Microsoft has yet to address, including denial-of-service (DoS), file read, and code execution issues.
Windows Contacts Remote Code Execution Zero-Day Gets Micropatch
Kolsek says that the 0patch fixes are meant to be temporary, until the official patch gets out. However, since Microsoft announced that it would not repair the issue, it looks like the micropatch could turn into a permanent solution for those that want to keep their systems protected against this vulnerability.
0patch releases micropatch for Windows Contacts RCE zero-day
ACROS Security has been busy lately with creating micropatches for Windows zero-day vulnerabilities. In the last week, they published micropatches for the “AngryPolarBearBug” and “readfile” zero-days disclosed by the security researcher who goes online by the moniker “SandboxEscaper”.
Temporary fix available for one of the two Windows zero-days released in December
Kolsek's company has previously released many similar temporary fixes for zero-days that Microsoft didn't fix in time, or did not patch correctly in its first attempts. But usually, the 0patch app has been used to deliver micropatches for Windows versions that have reached End-Of-Life (EOL) and are not receiving official updates from Microsoft anymore.
Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
While Microsoft has not yet commented on the bug, 0Patch’s micropatch for the flaw “successfully blocks the exploit by adding impersonation to the DeleteFileW call… the Delete operation now gets an “ACCESS DENIED” due to impersonation.”
Micropatch Released to Correct Partially Fixed JET DB Engine RCE Vulnerability
0patch's microscopic 18 bytes micropatch corrects Microsoft's partial solution for the vulnerable msrd3x40.dll binary which would expose previously micro patched systems to attacks targeting the CVE-2018-8423 vulnerability.
Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
Until Microsoft's update, users could benefit from the protection of a micropatch - a temporary correction applied while the software is running - that became available from Acros Security 24 hours after the bug disclosure.
Micropatch Released by 0patch for Windows Zero-Day
ACROS Security, the company behind the free 0patch micropatch distribution platform, released their microscopic 21 bytes patch for the vulnerable msrd3x40.dll binary the day after ZDI published their Proof Of Concept exploit.
Windows 0-Day ALPC Bug Exploit Patched By Third Party Ahead Of Microsoft's Official Update
ACROS Security seems to have beaten Microsoft to the punch, however. ACROS identified a couple of instances where Microsoft’s code made impersonation calls in the wrong order during some permission-setting functions and by remedying those issues, the proof of concept code no longer worked.
Acros has also released the code it used so that administrators reluctant to get the micropatch can write their own code fix while waiting for Microsoft. This is one of those times when administrators don't have to wait for an official patch to defend themselves from potential attacks.
Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch
I was surprised to discover that 0patch, a well regarded patching platform from ACROS Security, now has a free patch available that plugs the 0day hole by simply, well, plugging the 0day hole. What a novel idea. Microsoft should do that… he says, tongue planted firmly in cheek.
Upset Equation Editor was killed off? Now you can tell Microsoft to go forth and multiply: App back from the dead
ACROS Security, an infosec biz based in Slovenia, has bandaged and revived the dumped app with a binary-level fix of its own using its 0patch tool. Essentially, you need to restore the removed files and register Equation Editor as a local COM server, apply the ACROS fix, and you've got a working, patched math editor again in Office.
What happens when a vendor doesn’t patch its software?
Another example of guerrilla patching is 0patch, a project from Slovenian consulting firm Acros Security. This approach uses what the firm calls “micro-patching”, in which the binary isn’t modified at all. Instead, the patches are in-memory changes, typically shorter than a tweet, that block malware trying to exploit a particular vulnerability.