0patch

Discussion in 'other security issues & news' started by Rafales, Jun 7, 2016.

  1. Mitja Kolsek

    Mitja Kolsek Registered Member

    Joined:
    Jun 11, 2018
    Posts:
    3
    Location:
    Slovenia
    I have just updated Office 2016 and that didn't remove Equation Editor. I'm pretty sure only the January 2018 update removes it while the subsequent ones just don't care.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,874
    Location:
    The Netherlands
    I think it's risky, better to inject only into the patched process. On the other hand, most security tools inject into all processes, so no surprise.
     
  3. DIV

    DIV Registered Member

    Joined:
    Jun 4, 2018
    Posts:
    6
    Location:
    Oz
    Thanks for that information, Rasheed187, I hadn't realised that, and on balance it makes me feel a bit more comfortable about 0patch Agent not exhibiting unusual behaviour.

    Mitja Kolsek: as you can see, some people (on this forum) are concerned about the injection into all processes.
    Is it technically possible/practical in future versions to make that a user-specified option? I understand/believe that users who chose a limited-injection option would then have some potentially patchable processes left unpatched (because they haven't been 'discovered'), but some users may feel that that is an acceptable trade-off for them to retain maximal control over their system. Just a thought.

    —DIV
     
  4. DIV

    DIV Registered Member

    Joined:
    Jun 4, 2018
    Posts:
    6
    Location:
    Oz
    Actually, one more comment on this. Although the emphasised use-case is to provide protection faster than a vendor patch, another use-case is when the vendor ceases support for whatever reason (scheduled end-of-life, bankruptcy, ...), but access to the software is still felt necessary, despite suspected or even known vulnerabilities.

    As mentioned in my previous posts, for me the software of interest is Equation Editor. I have numerous documents in which I used that tool, so there would be problems without it.
    I understand if some people on this forum would rather wait until a vendor releases an "official" patch. But if that patch is never going to come, would they then feel there is more risk to run legacy software unpatched, or more risk to install micropatches?

    I'm not sure what is meant by "anti-exe and anti-exploit". Feel free to point me to a FAQ page if this is a common query.
    I do have an "anti-virus" & "internet security" application installed, but I am not confident that it would help with the vulnerabilities relevant here.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,874
    Location:
    The Netherlands
    Basically, exploits have the goal of running malware, and this malware can be stopped by anti-exe and anti-exploit, which will block exploits in their early stages, which will cause it to block file-less malware. Popular tools are EXE Radar and HMPA, see links.

    http://www.novirusthanks.org/products/exe-radar-pro/
    https://www.hitmanpro.com/en-us/alert.aspx
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,756
    Location:
    Slovenia
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,690
    Location:
    USA
    I don't expect any of the experienced members here will even consider this patch. I know I will not.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,756
    Location:
    Slovenia
    How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)
    https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,756
    Location:
    Slovenia
    Micropatch Released by 0patch for Windows Zero-Day
    https://news.softpedia.com/news/micropatch-released-by-0patch-for-windows-zero-day-522880.shtml
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,756
    Location:
    Slovenia