0patch releases unofficial security patches for 3 Windows flaws yet to be fixed

Pierluigi Paganini January 23, 2019

Researchers from 0patch, a community of experts that aims at addressing software flaws, released unofficial patches for three Windows vulnerabilities that Microsoft has yet to be fixed.

The list of vulnerabilities addressed by 0patch include a denial-of-service (DoS) bug, a file read issue, and a code execution flaw.

“While we’re busy ironing out the wrinkles before 0patch finally exits its adolescence (i.e., Beta) and becomes a fully responsible adult able to pay for its own rent, we did find some time to produce… not one, … not two, … but three 0day micropatches in the past few days.” reads the blog post published by 0patch.

“That’s right, at this very moment you can get three 0days on your Windows computer micropatched for free!  “

One of the patches addressed a flaw publicly disclosed last month by the researcher known as SandboxEscaper, the vulnerability could be exploited by an attacker with low privileges to elevate them on the vulnerable system. The expert shared the PoC exploit code (deletebug.exe) to delete critical system files, an operation that requests admin level privileges

Security experts noticed that the flaw only affects Windows 10 and recent versions of Windows Server editions because older versions of the Microsoft operating systems don’t implement the Microsoft Data Sharing service.

This vulnerability could be exploited to overwrites some important system file and cause a DoS condition.

0patch also released a patch for another flaw disclosed last month by SandboxEscaper, it is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system.

The Windows zero-day flaw affects the”MsiAdvertiseProduct” function that generates an advertise script or advertises a product to the computer. The MsiAdvertiseProduct function enables the installer to write to a script the registry and shortcut information used to assign or publish a product. The script can be written to be consistent with a specified platform by using MsiAdvertiseProductEx.

According to the SandboxEscaper, the lack of proper validation could allow an attacker to force installer service into making a copy of any file as SYSTEM privileges and read its content.

The third flaw addressed by 0patch was disclosed by the expert John Page via ZDI.

The security expert discovered a zero-day vulnerability in the processing of VCard files that could be exploited by a remote attacker, under certain conditions, to hack Windows PC. 

An attacker can use create a specially crafted VCard file that contains in the contact’s website URL field that points to a local executable file. 
This second file can be sent within a zipped file as an email attachment or delivered via drive-by-download attacks.

When the victim clicks that website URL, the Windows operating system would execute the malicious file without displaying any warning. John Page also published proof-of-concept exploit code for the vulnerability,

Further details on the patches released by 0patch experts, including their codes are available here:

https://blog.0patch.com/2019/01/one-two-three-micropatches-for-three.html

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – security patches, Microsoft)

[adrotate banner=”5″] [adrotate banner=”13″]



you might also like

leave a comment