0patch

Discussion in 'other security issues & news' started by Rafales, Jun 7, 2016.

  1. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    In my case, it was for the MHT vuln that I recall Microsoft listed as "wontfix" https://www.wilderssecurity.com/threads/0patch.386344/page-3#post-2821064

    I'm one of the (apparently) few people who regularly uses MHTML files, so I applied a workaround to force such files to open in Slimjet.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Quick patches for zero-day exploits that haven't been patched by MS yet.
    To be honest, I wouldn't recommend using 0patch to keep using Windows 7 when it becomes unsupported. They will patch high risk vulnerabilities, but attackers can combine medium and low risk vulnerabilities to gain remote code execution as well.
     
  3. DIV

    DIV Registered Member

    Joined:
    Jun 4, 2018
    Posts:
    20
    Location:
    Oz
    Are you thinking of generally circulating malware & viruses looking for a poorly protected computer, or are you thinking of a dedicated team of hackers that have specifically made one computer their target, and will try various combinations of attacks to breach the security?

    I can readily imagine attackers combining medium- and low-risk vulnerabilities in the latter case. In the former case I would have guessed that zero-day exploits would typically involve attacks on high-risk vulnerabilities, because (i) lots of computers would not have patched these, (ii) the payoff from the attack might be greater, and (iii) the effort/knowledge to compose the attack vector might be less. If so, then 0patch might provide a very big increase in security when running unsupported Windows 7.

    (This mindset also affects my manual updating behaviour, by the way: I would install critical updates fairly quickly, but for other updates to patch 'low risk'-rated vulnerabilities I might not install the update for a few weeks.)

    Is there any data on what severities of vulnerability are actually attacked in the wild?
    (Not successful attacks, just attempted breaches of security.)

    —DIV
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Both actually. Generally circulating malware may not use these vulnerabilities once they are new, but once they get older they might.
    I do agree that 0patch can provide an increase in security on unsupported 7, but it is still less secure than a supported OS. If one is heavily determined to run unsupported 7 anyway, I would advise 0patch. However, running unsupported 7 because it can be made more secure with 0patch is something I would advise against. Apart from the fact that it will be missing patches for low and medium severity vulnerabilities, 7 is also less secure than newer Windows versions because it misses new architectural improvements.
    I can understand that but also have an objection against that, because imho the risk level isn't always accurate. The risk level of a vulnerability is not only based on how severe it is and how easy it is to exploit, but also on whether there is awareness of active exploitation. An easy to exploit and severe vulnerability might get a lower risk assessment just because it is not actively exploited. There are 2 faults in that logic. 1: it is not actively exploited at the time of publication. Once the information and patches are out, it will be easier for attackers to find the vulnerability and exploit it, and then they can exploit systems that are not patched quickly because there was no active exploitation or it was not classified as high risk. 2: There is no guarantee that it is not actively exploited. The statements made specify not being AWARE of exploitation; that doesn't mean it isn't happening anyway. To give a more extreme example: with Spectre and other CPU side-channel vulnerabilities, some companies also stated they weren't aware of active exploitation. But most of these vulnerabilities, due to their nature, can be exploited without leaving any trace. So even if those companies have a good security setup, staff with expertise etc. to properly check if it was being exploited, they wouldn't be able to anyway.
    So this is actually more of an objection to the classification in general as opposed to your patching strategy. And on-topic, also an objection to 0patch only patching high severity vulnerabilities in 7.
    There might be but that is not within my area of expertise.
     
  5. DIV

    DIV Registered Member

    Joined:
    Jun 4, 2018
    Posts:
    20
    Location:
    Oz
    Thanks, BoerenkoolMetWorst. I appreciate the explanations you have provided.

    I hadn't realised the ratings were done like that. Two thoughts...
    My former supervisor used to talk about the difference between urgent tasks and important tasks.
    And in risk assessment it's common practice to multiply the consequences of an undesirable event by an estimate of the event's probability of occurrence to obtain a kind of 'standardised' risk score.
    —DIV
     
    Last edited: Dec 8, 2019
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    Newer Windows versions have some improvements in security, but nothing groundbreaking.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    You do have a point there. Organisations that can't afford downtime, and because of that delay patches anyway, need to assess risks, so vulnerabilities that are actively exploited are more urgent to patch. My thoughts were based more on an ideal world where one isn't limited by budget, limited IT staff etc.

    Unfortunately there really isn't an overview of all improvements afaik, so it is harder to assess how much they improved, but I agree it isn't groundbreaking. Some improvements they made from the top of my head:
    Exploit mitigations like Bottom Up ASLR, High Entropy ASLR, Control Flow Guard. (You could of course use anti-exploit software to get similar mitigations on frequently exploited software, but that won't protect the kernel).
    AppLocker Sandbox integrity level.
    Font rendering for TrueType and OpenType fonts is done sandboxed. In Windows 7 this is done in the kernel, so a font parsing vulnerability is enough for a remote kernel exploit.
    Newer improvements with Virtualization Based Security.

    I myself am moving away from Windows OSes as I prefer free software and Windows is losing more and more privacy, but I still use Windows for some purposes.
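    As an added example (not from the thread and not 0patch's code), the following PowerShell snippet checks on Windows 10 whether the mitigations listed above (Bottom Up ASLR, High Entropy ASLR, Control Flow Guard) are in force for a given process and as the system default. It assumes Windows 10 1709 or later with the built-in ProcessMitigations module; the property names Aslr.BottomUp, Aslr.HighEntropy and Cfg.Enable are taken from Get-ProcessMitigation's output and are an assumption of this example. On Windows 7 the cmdlet does not exist, which is the point the post makes.

```powershell
# Added example, not from the thread. Summarises three of the mitigations discussed
# above for one process and the system default. Assumes the ProcessMitigations
# module (Windows 10 1709+); property names Aslr.BottomUp, Aslr.HighEntropy and
# Cfg.Enable are assumed from Get-ProcessMitigation's output.
function Get-MitigationSummary {
    param([string]$ProcessName = 'notepad.exe')

    # On an OS without the module (e.g. Windows 7) there is nothing to query.
    if (-not (Get-Command Get-ProcessMitigation -ErrorAction SilentlyContinue)) {
        throw 'Get-ProcessMitigation is not available on this Windows version.'
    }

    $sys  = Get-ProcessMitigation -System
    $proc = Get-ProcessMitigation -Name $ProcessName | Select-Object -First 1

    # A per-process value of NOTSET means the system default applies.
    function Resolve($perProcess, $systemDefault) {
        if ("$perProcess" -eq 'NOTSET') { "$systemDefault (system default)" } else { "$perProcess" }
    }

    [pscustomobject]@{
        Process          = $ProcessName
        BottomUpASLR     = Resolve $proc.Aslr.BottomUp    $sys.Aslr.BottomUp
        HighEntropyASLR  = Resolve $proc.Aslr.HighEntropy $sys.Aslr.HighEntropy
        ControlFlowGuard = Resolve $proc.Cfg.Enable       $sys.Cfg.Enable
    }
}

# Usage: pick any image name; a value of OFF or NOTSET at both levels is what
# an anti-exploit tool would be compensating for on that process.
Get-MitigationSummary -ProcessName 'notepad.exe' | Format-List
```

    Run it in an elevated PowerShell prompt so the system-wide defaults are readable; the per-process answer only covers user-mode protections, which is why the post notes that third-party anti-exploit tools cannot substitute for kernel-side changes.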
     
  8. guest

    guest Guest

    0patch releases micropatch for Internet Explorer vulnerability -- including for Windows 7
    January 22, 2020
    https://betanews.com/2020/01/22/internet-explorer-vulnerability-0patch/
    0patch: Micropatching a Workaround for CVE-2020-0674
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Status of Windows 7 and Windows Server 2008 R2 micropatches
    https://0patch.zendesk.com/hc/en-us...ows-7-and-Windows-Server-2008-R2-micropatches

    Quite a lot that aren't going to get micropatches.
     
  11. guest

    guest Guest

    Windows 10 Gets Temp Patch for Critical Flaw Fixed In Buggy Update
    February 21, 2020
    https://www.bleepingcomputer.com/ne...atch-for-critical-flaw-fixed-in-buggy-update/
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  13. guest

    guest Guest

    Actively Exploited Windows Font Parsing Bugs Get Temporary Fix
    March 27, 2020
    https://www.bleepingcomputer.com/ne...-windows-font-parsing-bugs-get-temporary-fix/
    0Patch: Micropatching Unknown 0days in Windows Type 1 Font Parsing
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    After leaving one of my Win10 x64 1909 on all night, 0Patch keeps popping up constantly on my machine. I've disabled the notifications, which has stopped that, but I don't know what it has started patching today. It looks like it is patching itself.
     

  15. guest

    guest Guest

    Micropatching PrintDemon Vulnerability (CVE-2020-1048)
    May 20, 2020
    https://blog.0patch.com/2020/05/micropatching-printdemon-vulnerability.html
     
  16. guest

    guest Guest

    Critical SIGred Windows DNS bug gets micropatch after PoCs released
    July 19, 2020
    https://www.bleepingcomputer.com/ne...-dns-bug-gets-micropatch-after-pocs-released/
     
  17. guest

    guest Guest

    Micropatch for Zerologon, the "perfect" Windows vulnerability (CVE-2020-1472)
    September 17, 2020
    https://blog.0patch.com/2020/09/micropatch-for-zerologon-perfect.html
     
  18. guest

    guest Guest

    0Patch promises to provide security updates for out-of-support Office 2010
    November 8, 2020
    https://www.ghacks.net/2020/11/08/0...urity-updates-for-out-of-support-office-2010/
     
  19. guest

    guest Guest

    Windows PsExec zero-day vulnerability gets a free micropatch
    January 7, 2021
    https://www.bleepingcomputer.com/ne...ero-day-vulnerability-gets-a-free-micropatch/
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Interesting vulnerability.
    I use PsExec on my Windows XP PC with the command:

    Code:
    psexec -l -d
    to run New Moon 28 and MailNews with limited-user privileges.
    I am not affected by this vulnerability:

    No PSEXESVC process in the system.
    However in OSA I have only ever had 2 specific exceptions for PsExec.exe.
    PsExec.exe is protected equally since ever in MBAE.
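    As an added example (not from the thread and not from the PsExec or 0patch authors), here is a defender-side PowerShell check for the artefacts this post is talking about: the PSEXESVC service, a running PSEXESVC process and the PSEXESVC.exe binary PsExec drops into the Windows directory. The service and file names are the well-known PsExec artefacts; nothing here is specific to the vulnerability in the linked article, and the function name is this example's own.

```powershell
# Added example, not from the thread. Reports whether the PsExec service side
# (PSEXESVC) is present on this machine in any form. The service exists only
# while PsExec is running a command through it, so a clean result here is a
# point-in-time observation, not proof that PsExec was never used.
function Test-PsExecServiceArtifacts {
    $svc  = Get-Service -Name 'PSEXESVC' -ErrorAction SilentlyContinue
    $proc = Get-Process -Name 'PSEXESVC' -ErrorAction SilentlyContinue
    $file = Join-Path $env:SystemRoot 'PSEXESVC.exe'   # default drop location

    $binaryPresent = Test-Path -LiteralPath $file
    $status = if ($svc) { [string]$svc.Status } else { 'absent' }

    [pscustomobject]@{
        ServiceInstalled = [bool]$svc
        ServiceStatus    = $status
        ProcessRunning   = [bool]$proc
        BinaryPresent    = $binaryPresent
        # "Clean" mirrors the post's "No PSEXESVC process in the system" check,
        # but also requires no leftover service entry and no dropped binary.
        Clean            = -not ($svc -or $proc -or $binaryPresent)
    }
}

Test-PsExecServiceArtifacts | Format-List
```

    A leftover service entry or binary with no running process usually means a PsExec session ended abnormally; that is worth a look on a machine where nobody is expected to be using PsExec at all.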
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Rename psexec.exe to something else and see if MBAE detects its attempted startup.
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Hi itman what a pleasure to hear from you again.:thumb::)
    It is blocked first by OSA.

    Even if I disable OSA protection and rename PsExec.exe I have some doubt that MBAE will detect it because it is not an exploit.
     
    Last edited: Jan 9, 2021
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I'm curious, how trustworthy / reliable is this third party tool in terms of fixing MS issues?
     