I have just updated Office 2016 and that didn't remove Equation Editor. I'm pretty sure only the January 2018 update removes it while the subsequent ones just don't care.
I think it's risky, better to inject only into the patched process. On the other hand, most security tools inject into all processes, so no surprise.
Thanks for that information, Rasheed187, I hadn't realised that, and on balance it makes me feel a bit more comfortable about 0patch Agent not exhibiting unusual behaviour. Mitja Kolsek: as you can see, some people (on this forum) are concerned about the injection into all processes. Is it technically possible/practical in future versions to make that a user-specified option? I understand/believe that users who chose a limited-injection option would then have some potentially patchable processes left unpatched (because they haven't been 'discovered'), but some users may feel that that is an acceptable trade-off for them to retain maximal control over their system. Just a thought. —DIV
Actually, one more comment on this. Although the emphasised use-case is to provide protection faster than a vendor patch, another use-case is when the vendor ceases support for whatever reason (scheduled end-of-life, bankruptcy, ...), but access to the software is still felt necessary, despite suspected or even known vulnerabilities. As mentioned in my previous posts, for me the software of interest is Equation Editor. I have numerous documents in which I used that tool, so there would be problems without it. I understand if some people on this forum would rather wait until a vendor releases an "official" patch. But if that patch is never going to come, would they then feel there is more risk to run legacy software unpatched, or more risk to install micropatches? I'm not sure what is meant by "anti-exe and anti-exploit". Feel free to point me to a FAQ page if this is a common query. I do have an "anti-virus" & "internet security" application installed, but I am not confident that it would help with the vulnerabilities relevant here.
Basically, exploits have the goal to run malware, and this malware can be stopped by anti-exe and anti-exploit which will block exploits in its early stages which will cause it to block file-less malware. Popular tools are EXE Radar and HMPA, see links. http://www.novirusthanks.org/products/exe-radar-pro/ https://www.hitmanpro.com/en-us/alert.aspx
How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN) https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
Micropatch Released by 0patch for Windows Zero-Day https://news.softpedia.com/news/micropatch-released-by-0patch-for-windows-zero-day-522880.shtml
Micropatch Released to Correct Partially Fixed JET DB Engine RCE Vulnerability https://news.softpedia.com/news/mic...-jet-db-engine-rce-vulnerability-523219.shtml
New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available https://news.softpedia.com/news/new...-on-twitter-micropatch-available-523411.shtml
Windows Zero-Day Bug that Overwrites Files Gets Interim Fix January 18, 2019 https://www.bleepingcomputer.com/ne...y-bug-that-overwrites-files-gets-interim-fix/
Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch January 21, 2019 https://www.bleepingcomputer.com/ne...lets-attackers-read-any-file-gets-micropatch/
How is it an exploit if you have to run an executable file for it to work? This doesn't make sense, as any executable can do a lot of bad stuff it that's its intent and you let it run, even without admin privileges, not just exploits. I'm so tired of "exploits" that require the user to run an exe, fake news every time
From: https://www.csoonline.com/article/3...h-available-for-zero-day-windows-exploit.html Version 1803 is still the most used version of Windows 10. They just don't offer a patch for 1809.
Windows Contacts Remote Code Execution Zero-Day Gets Micropatch January 23, 2019 https://www.bleepingcomputer.com/ne...mote-code-execution-zero-day-gets-micropatch/
One... Two... Three Micropatches For Three Windows 0days https://blog.0patch.com/2019/01/one-two-three-micropatches-for-three.html
Sorry, Adobe Reader, We're Not Letting You Phone Home Without User's Consent (0day) https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html
OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch February 13, 2019 https://www.bleepingcomputer.com/ne...day-code-execution-flaw-gets-free-micropatch/
Yes. It was included: https://threatpost.com/adobe-fixes-43-critical-acrobat-and-reader-flaws/141721/
It appears you do need to create an account. https://0patch.zendesk.com/hc/en-us/articles/202700922-Test-How-0patch-Works
