0patch

Discussion in 'other security issues & news' started by Rafales, Jun 7, 2016.

  1. Mitja Kolsek

    Mitja Kolsek Registered Member

    Joined:
    Jun 11, 2018
    Posts:
    3
    Location:
    Slovenia
    I have just updated Office 2016 and that didn't remove Equation Editor. I'm pretty sure only the January 2018 update removes it while the subsequent ones just don't care.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,365
    Location:
    The Netherlands
    I think it's risky, better to inject only into the patched process. On the other hand, most security tools inject into all processes, so no surprise.
     
  3. DIV

    DIV Registered Member

    Joined:
    Jun 4, 2018
    Posts:
    6
    Location:
    Oz
    Thanks for that information, Rasheed187, I hadn't realised that, and on balance it makes me feel a bit more comfortable about 0patch Agent not exhibiting unusual behaviour.

    Mitja Kolsek: as you can see, some people (on this forum) are concerned about the injection into all processes.
    Is it technically possible/practical in future versions to make that a user-specified option? I understand/believe that users who chose a limited-injection option would then have some potentially patchable processes left unpatched (because they haven't been 'discovered'), but some users may feel that that is an acceptable trade-off for them to retain maximal control over their system. Just a thought.

    —DIV
     
  4. DIV

    DIV Registered Member

    Joined:
    Jun 4, 2018
    Posts:
    6
    Location:
    Oz
    Actually, one more comment on this. Although the emphasised use-case is to provide protection faster than a vendor patch, another use-case is when the vendor ceases support for whatever reason (scheduled end-of-life, bankruptcy, ...), but access to the software is still felt necessary, despite suspected or even known vulnerabilities.

    As mentioned in my previous posts, for me the software of interest is Equation Editor. I have numerous documents in which I used that tool, so there would be problems without it.
    I understand if some people on this forum would rather wait until a vendor releases an "official" patch. But if that patch is never going to come, would they then feel there is more risk to run legacy software unpatched, or more risk to install micropatches?

    I'm not sure what is meant by "anti-exe and anti-exploit". Feel free to point me to a FAQ page if this is a common query.
    I do have an "anti-virus" & "internet security" application installed, but I am not confident that it would help with the vulnerabilities relevant here.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,365
    Location:
    The Netherlands
    Basically, exploits have the goal of running malware, and this malware can be stopped by anti-exe and anti-exploit, which will block exploits in their early stages, which will cause it to block file-less malware. Popular tools are EXE Radar and HMPA, see links.

    http://www.novirusthanks.org/products/exe-radar-pro/
    https://www.hitmanpro.com/en-us/alert.aspx
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,909
    Location:
    USA
    I don't expect any of the experienced members here will even consider this patch. I know I will not.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
    How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)
    https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
    Micropatch Released by 0patch for Windows Zero-Day
    https://news.softpedia.com/news/micropatch-released-by-0patch-for-windows-zero-day-522880.shtml
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
    New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
    https://news.softpedia.com/news/new...-on-twitter-micropatch-available-523411.shtml
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Windows Zero-Day Bug that Overwrites Files Gets Interim Fix
    January 18, 2019
    https://www.bleepingcomputer.com/ne...y-bug-that-overwrites-files-gets-interim-fix/
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch
    January 21, 2019
    https://www.bleepingcomputer.com/ne...lets-attackers-read-any-file-gets-micropatch/
     
  14. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    How is it an exploit if you have to run an executable file for it to work? This doesn't make sense, as any executable can do a lot of bad stuff if that's its intent and you let it run, even without admin privileges, not just exploits. I'm so tired of "exploits" that require the user to run an exe, fake news every time
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,262
    Location:
    U.S.A.
    The question is if Win 10 1809 is not vulnerable to this or if 0patch doesn't work on 1809?
     
  16. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    575
    Location:
    The Netherlands
    From: https://www.csoonline.com/article/3...h-available-for-zero-day-windows-exploit.html
    Version 1803 is still the most used version of Windows 10. They just don't offer a patch for 1809.
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Windows Contacts Remote Code Execution Zero-Day Gets Micropatch
    January 23, 2019
    https://www.bleepingcomputer.com/ne...mote-code-execution-zero-day-gets-micropatch/
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
    One... Two... Three Micropatches For Three Windows 0days
    https://blog.0patch.com/2019/01/one-two-three-micropatches-for-three.html
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
    Sorry, Adobe Reader, We're Not Letting You Phone Home Without User's Consent (0day)
    https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch
    February 13, 2019
    https://www.bleepingcomputer.com/ne...day-code-execution-flaw-gets-free-micropatch/
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,076
    Do we know if this was patched yesterday?
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,262
    Location:
    U.S.A.
    Yes. It was included:
    https://threatpost.com/adobe-fixes-43-critical-acrobat-and-reader-flaws/141721/
     
  23. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,076
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,345
    Location:
    Among the gum trees
    Are there many using this program? Do you need to create an account?
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,345
    Location:
    Among the gum trees