Unofficial Patches Released for Three Unfixed Windows Flaws
ACROS Security’s 0patch service has released unofficial patches for three Windows vulnerabilities that Microsoft has yet to address, including denial-of-service (DoS), file read, and code execution issues.
The patches have been made available by 0patch over the past week. One of them is for a Windows 10 flaw that can be exploited by a local unprivileged process to overwrite any file with the content of a Windows Error Reporting XML file.
The details of the flaw were made public last month by a researcher who uses the online moniker “SandboxEscaper.” The cybersecurity enthusiast has previously disclosed Windows vulnerabilities without giving Microsoft the chance to resolve them, in some cases out of frustration over how bug reports are handled.
While flaws that allow the content of a file to be overwritten can often be exploited for arbitrary code execution, in this case the attacker has little control over the content of the XML file, which makes the vulnerability useful mostly for DoS attacks, where the hacker overwrites some important system file.
The second vulnerability patched by 0patch, also disclosed last month by SandboxEscaper, can be exploited by an unprivileged process to read arbitrary files. The security hole exists in the Windows Installer and it can be leveraged to obtain potentially sensitive information.
The last vulnerability addressed by 0patch was disclosed recently by ZDI researcher John Page after Microsoft refused to release a fix within 90 days, as required by ZDI policies.
The flaw affects the Windows Contacts application and it allows an attacker to execute arbitrary code by getting a user to open a specially crafted VCF file. Microsoft initially said it would not patch the issue, but its engineering team later changed its mind. In December, Microsoft again told ZDI that it would not be releasing a patch.
0patch has released details for each of the vulnerabilities, along with the source code of the patches.
ACROS’s 0patch platform enables quick distribution, application and removal of small binary patches (micropatches). These fixes can be applied to running processes without the need to restart the targeted process or the device they are running on.
The 0patch service is still in beta – ACROS says it will soon come out of beta – but it has already delivered micropatches for several vulnerabilities affecting Microsoft products, including other security holes disclosed by SandboxEscaper.