Earlier this week a security researcher who goes by “SandboxEscaper” published details and a PoC exploit for a zero-day local privilege escalation vulnerability affecting Windows.
Microsoft has, so far, been cagey about when they will push a fix for it. In the meantime, those who don’t want to wait have one other option: implement a temporary micropatch (a tiny security patch that’s implemented in memory, while the software is running).
Get a micropatch
Acros Security, the company behind 0patch, has released a micropatch for the flaw that can be applied to fully updated 64-bit Windows 10 version 1803 and 64-bit Windows Server 2016.
“As far as we know at this point, the vulnerability was confirmed to also be present and exploitable on 32bit Windows 10 and 32bit Windows 7, so it’s safe to assume that at least all Windows versions from Windows 7 and Windows Server 2008 are likely affected. We can quickly port the micropatch to other affected versions but we’ll only do that on request,” noted Mitja Kolsek, the company’s CEO.
The micropatch will be effective even if the exploit is modified, he explained, as it changes the code to close the hole.
Still, he noted, this should be considered only a temporary fix. Microsoft’s update will not only fix this issue in a more informed way, but will also bring fixes for other vulnerabilities.
“When Microsoft makes their official fix available, you simply apply it as you would if you had never heard of 0patch. Applying it will automatically obsolete this micropatch on your computer as the update will replace a vulnerable executable with a fixed one, thereby changing its cryptographic hash. Since our micropatches are associated with specific hashes, this will make the micropatch inapplicable without intervention on either your end or ours,” he explained.
To implement the micropatch, users must download and launch the 0patch Agent installer, create a free 0patch account and register the agent to that account. “You will immediately receive all micropatches including this one, and it will automatically get applied to Task Scheduler,” he added.
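The hash binding Kolsek describes can be sketched as follows. This is an added example, not 0patch's code: the manifest layout, the choice of SHA-256, the module name and the patch id are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def applicable_patches(module_path, manifest):
    """Return ids of manifest entries bound to this exact file name and content hash."""
    if not os.path.isfile(module_path):
        return []  # nothing on disk, so nothing to patch
    name = os.path.basename(module_path).lower()  # Windows file names are case-insensitive
    digest = sha256_file(module_path)
    return [p["id"] for p in manifest
            if p["module"].lower() == name and digest in p["target_hashes"]]

def demo():
    """Constructed scenario: a vendor update replaces the executable on disk."""
    vulnerable = b"MZ constructed vulnerable build"   # constructed sample bytes
    updated = b"MZ constructed vendor-fixed build"    # constructed sample bytes
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example_service.dll")  # hypothetical module name
        with open(path, "wb") as f:
            f.write(vulnerable)
        manifest = [{
            "id": "MP-EXAMPLE-1",  # placeholder id, not a real 0patch identifier
            "module": "Example_Service.dll",
            "target_hashes": {hashlib.sha256(vulnerable).hexdigest()},
        }]
        before = applicable_patches(path, manifest)
        with open(path, "wb") as f:  # the official update swaps the binary
            f.write(updated)
        after = applicable_patches(path, manifest)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because the match is on the content hash rather than the file name or version string, any change to the executable drops the micropatch from the applicable set without further action.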
What’s the deal with micropatching?
Creating patches is a long and complex process.
They have to be comprehensive and they have to be ported to all supported software versions. They also have to be extensively tested before being deployed. Finally, they can still result in problems after deployment and the changes may be difficult to revoke.
Creating micropatches is a much quicker and more focused process, and disruptions to regular operations are minimized.
With 0patch, Acros Security aims to fix 0days, unpatched vulnerabilities, and end-of-life and unsupported products, and to provide patches for legacy operating systems as well as vulnerable third-party components and customized software.