avatar hardware_software

IT news


Следить за персональным блогом

Автоматизированная система Промышленная безопасность и охрана труда

Обновления главной ленты блогов
Вконтакте Facebook Twitter RSS Почта Livejournal

На нашем портале можно бесплатно публиковать информацию о своей компании, размещать товары и услуги и цены на них.
Ведите свой личный или корпоративный блог и его ежедневно увидят 30 тысяч посетителей нашего сайта.

31 августа 2018, 05:08

0patch beats Microsoft to patching Windows 10 task scheduler 0-day vulnerability


Just 24 hours after a zero-day bug in Windows task scheduler was revealed by @SandboxExplorer on Twitter, the vulnerability has been patched. While Microsoft said it would "proactively update impacted advices as soon as possible" the patch has not come from the Windows-maker.

Instead, it was left to micro-patching specialists 0patch to produce a fix for the Task Scheduler ALPC Local Privilege Execution (VU#906424) security flaw -- one that is a mere 13 bytes in size.

See also:

While the severity of the security flaw was limited by the fact that a computer already had to be compromised to a degree in order for it to be exploited, it was still relatively serious as it made it possible for an attacker to gain high level privileges with a local account.

0patch had a patch available for testing yesterday, and today the group has published its verified version of the fix for anyone to use free of charge.

0patch shared the news about its patch on Twitter:

Validated and verified, our micropatch for @SandboxEscaper's LPE in Task Scheduler is now published and freely available for everyone to use. It currently applies only to fully updated 64bit Windows 10 1803. We welcome requests for ports to other versions at support@0patch.com. pic.twitter.com/9pNufwUehU

— 0patch (@0patch) August 30, 2018

If you already have the 0patch Agent installed, you should find that you already have the micropatch available. If not, you can download the patching software from 0patch.com. If you're interested in viewing the source code, it has been shared in another tweet:

Blog post is in the making but for the impatient, here's the source code of our micropatch. Three patchlets, one calling RpcImpersonateClient, one removing a premature call to RpcRevertToSelf, and one adding a RpcRevertToSelf call where it should be. Just 4 instructions. pic.twitter.com/PtgsPJiiSO

— 0patch (@0patch) August 30, 2018

Source: http://feeds.betanews.com/~r/bn/~3/ZfD-PCUD5aY/