Third-Party Vendor Issues Temporary Patch For Windows Vulnerability (bleepingcomputer.com)

An anonymous reader writes: "A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security," according to Bleeping Computer. Microsoft is set to officially patch the flaw on March 15, after it previously pushed back February's Patch Tuesday to next month.

"According to Google researchers, attackers could leverage malformed EMF files to expose data found in the victim's memory, which can then be leveraged to bypass ASLR protection and execute code on the user's computer... ACROS Security has issued a temporary patch that can be applied to Windows computers via its product, called 0patch, a platform that applies fixes for zero-days, unpatched vulnerabilities, end-of-life and unsupported products, for legacy OSes, vulnerable 3rd party components, and customized software." When Microsoft issues an official update, the temporary patch will stop working immediately.

39 comments

  1. Patch Not Needed by Anonymous Coward · · Score: 1

    APK's HOSTS file will protect me.

    1. Re: Patch Not Needed by dougdonovan · · Score: 1

      Gosh, Windows doesn't need a patch but it is issued anyway. Why am I responding to this? 'Cause I have nothing else better to do than to sit in front of a monitor and stare at it.

  2. Why do Microsoft push back a critical patch? by Anonymous Coward · · Score: 4, Interesting

    Did they get a court order from the NSA, because they need time to exploit it? Apple has done the same in the past, waiting up to 10 months fixing flaws that were critical, but had trivial solutions.

    1. Re:Why do Microsoft push back a critical patch? by Anonymous Coward · · Score: 3, Informative

      Because they need to make sure the patch won't screw up something else?

      Or at least, that's one of the excuses they give.

    2. Re: Why do Microsoft push back a critical patch? by Anonymous Coward · · Score: 0

      You figured it out, you unpatriotic rebel scum! Only those with something to hide would be against zero-day exploits!

    3. Re:Why do Microsoft push back a critical patch? by Anonymous Coward · · Score: 0

      I don't think it's credible that companies could receive court orders not to fix critical bugs. However, some collusion is less far-fetched, especially in case of Apple who allowed passphrases for the file vault to be obtainable with a simple grep command for many, many years. In other words, voluntary cooperation is more likely than involuntary. (Think about how ridiculously weak cell phone encryption standards used to be, for instance.)

    4. Re:Why do Microsoft push back a critical patch? by tlhIngan · · Score: 1

      Did they get a court order from the NSA, because they need time to exploit it? Apple has done the same in the past, waiting up to 10 months fixing flaws that were critical, but had trivial solutions.

      Because patches need to be tested to make sure they don't break things. Trivial solutions may introduce side effects that break other things unexpectedly.

      For example, take Linux. You'd think everyone who uses Linux would install every update immediately (and there are lots that come out daily). But at work, we disable updates, because you know what happens? Some update happens and then your installation is broken. Sure it boots, sure you can log in. But all of a sudden the build breaks because a minor tool stopped working. And now you're down a developer for a week who has to figure out why they can't compile their code anymore.

      And that's Linux with the free patching policy where updates are applied willy-nilly. Sure the bugs are fixed, but no one does a bigger integration test to make sure it didn't break something else. (And yes, we occasionally run into the whole "X stops working" style bugs as well. But at least for those we give the user a replacement hard drive with a clean Linux install. They keep the old drive to migrate their user data and then it's returned and wiped. And if they update and screw up the install again, we make a note to not go further than that via updates.)

      So we simply disable all updates leaving all Linux installs vulnerable.

      Of course, Apple and Microsoft don't have such luxuries so even a 5 minute fix needs extensive regression testing and even sometimes full system tests to make only reasonably sure that it won't break much. (There will always be someone with a strange configuration that breaks.)

      Open source helps a little bit, only because if it's a particularly bad system break there's going to be a lot of people debugging it for you, so the original developer gets a lot of (free) help.

      Debugging and fixing bugs, especially deep bugs in core systems like kernel or graphics systems is just a tiny part of the entire development time. Most of it is spent in testing because an error in the fix will propagate into the strangest of bugs in the higher levels of the stack.

    5. Re:Why do Microsoft push back a critical patch? by Anonymous Coward · · Score: 0

      It's a reasonable excuse, but only because they have such an unreasonable patch process. They can't just release a patch for one issue any more, it's got to be integrated into a monthly rollup.

    6. Re: Why do Microsoft push back a critical patch? by Anonymous Coward · · Score: 0

      Yum-cron causes OOM on my 512MB VPS instances but not on my 1 GB ones. It's fucking annoying.

      And then there's the older kernels on openvz type servers...

  3. I vote they keep going! Make more patches! by Anonymous Coward · · Score: 0

    M$ seems to be blowing it right and left so why not?

  4. EMF? by Anonymous Coward · · Score: 2, Interesting

    Why the fuck does a browser load an EMF file?

    How about locking it down to js, css, html, png, gif, and jpg?

    What's next? Direct in-browser rendering and execution of exe, com, bat, pif, reg, and dll?

    1. Re:EMF? by Anonymous Coward · · Score: 1

      They can get rid of the JavaScript, too.

    2. Re:EMF? by Anonymous Coward · · Score: 1

      What's next? Direct in-browser rendering and execution of exe, com, bat, pif, reg, and dll?

      That was called ActiveX.

    3. Re: EMF? by wasteoid · · Score: 1

      It's Unbelievable!

  5. How'd you know that's true? apk by Anonymous Coward · · Score: 0

    See my subject: I don't even know that & anyone tried this patch yet?

    * Let's hear about it...

    (Must admit I'm hesitant to try a patch minus hearing how it goes for others 1st...)

    APK

    P.S.=> It's possible it could depending on how this threat's leveraged & what, if anything, it talks to + how (host/domain name vs. IP address, etc. - et al)... apk

    1. Re:How'd you know that's true? apk by Anonymous Coward · · Score: 0

      I tried the 0patch agent and then uninstalled it after my computer was noticeably slower.

  6. ACROS Security? by Anonymous Coward · · Score: 0

    Never heard of it. I'm not applying a non-transparent third party patch.

    Do you want to join botnet? Because this is how you join botnet.

    1. Re:ACROS Security? by Anonymous Coward · · Score: 0

      It's transparent... the patch's source code is public. You can apply it via other software if you like.

  7. Patch Tuesday is March 14, not 15 by arobatino · · Score: 1

    Next Patch Tuesday is March 14. Let's not make it any later than it is.

    1. Re:Patch Tuesday is March 14, not 15 by antdude · · Score: 1

      Basically, pi day! :P

      --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).

  8. It's bitztream by Anonymous Coward · · Score: 0

    The autism-hating, Musk-hating, custom EpiPen-hating Slashdot troll!

  9. patching without source code by EE101 · · Score: 0

    A truthful question. How is a patch applied to a binary without the source code to compile a new binary?

    1. Re: patching without source code by ewanm89 · · Score: 3, Informative

      So you have never changed a value in some binary to skip a routine or something? It is relatively easy to change a conditional jump to an unconditional jump or no-op if you know a little reverse engineering; crackers used to do such things all the time to bypass things like disk checks.
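
      As an added illustration of the reply above (example code written for this page, not ACROS/0patch code and not anything from the poster): a patch applied without source code is just a replacement of a few bytes at a known offset in the binary, so before it touches anything it has to confirm it is looking at the exact build it was written for. The byte strings, the offset, the `MicroPatch` helper and the "vendor fixed" build are all constructed for the demonstration; the page does not describe 0patch's internals.

```python
"""Constructed example of a size-preserving micro-patch with precondition checks."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class MicroPatch:
    """One in-place byte replacement, valid only for one specific binary build."""
    target_sha256: str   # hash of the exact build this patch was written for
    offset: int          # offset of the bytes to replace
    expected: bytes      # bytes that must be present at offset before patching
    replacement: bytes   # same length: a micro-patch never changes the file size

    def __post_init__(self):
        if len(self.expected) != len(self.replacement):
            raise ValueError("replacement must be the same length as the original bytes")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def apply_micropatch(image: bytes, patch: MicroPatch) -> bytes:
    """Return a patched copy of image; refuse if the build or the bytes differ."""
    if sha256_hex(image) != patch.target_sha256:
        raise ValueError("binary is not the build this patch was written for")
    end = patch.offset + len(patch.expected)
    if image[patch.offset:end] != patch.expected:
        raise ValueError("unexpected bytes at patch offset")
    return image[:patch.offset] + patch.replacement + image[end:]


def revert_micropatch(image: bytes, patch: MicroPatch) -> bytes:
    """Undo a previously applied patch (the reverse precondition check)."""
    end = patch.offset + len(patch.replacement)
    if image[patch.offset:end] != patch.replacement:
        raise ValueError("patch is not present")
    return image[:patch.offset] + patch.expected + image[end:]


# Constructed stand-in for a vulnerable build: 7 filler bytes, then the x86
# instruction `cmp eax, 0x1000` (3D 00 10 00 00) playing the role of an
# over-generous length check, then a few more filler bytes.
VULNERABLE_BUILD = bytes.fromhex("4d5a9000" "5589e5" "3d00100000" "7f05" "c3")

# The constructed fix tightens the limit to 0x100 without changing the length.
PATCH = MicroPatch(
    target_sha256=sha256_hex(VULNERABLE_BUILD),
    offset=7,
    expected=bytes.fromhex("3d00100000"),     # cmp eax, 0x1000
    replacement=bytes.fromhex("3d00010000"),  # cmp eax, 0x100
)


def demo() -> str:
    """Apply, verify, revert, then show the patch refusing a different build."""
    patched = apply_micropatch(VULNERABLE_BUILD, PATCH)
    assert patched[7:12] == bytes.fromhex("3d00010000")
    assert len(patched) == len(VULNERABLE_BUILD)
    assert revert_micropatch(patched, PATCH) == VULNERABLE_BUILD

    # Constructed "official" update: the vendor changes the same instruction its
    # own way, so the hash no longer matches and the micro-patch steps aside.
    vendor_fixed = VULNERABLE_BUILD.replace(
        bytes.fromhex("3d00100000"), bytes.fromhex("3d00020000"))
    try:
        apply_micropatch(vendor_fixed, PATCH)
    except ValueError as exc:
        return str(exc)
    return "patch applied (unexpected)"


if __name__ == "__main__":
    print(demo())
```

      The hash and expected-bytes checks are what make a third-party micro-patch safe to ship: it can only land on the build it was tested against. They are also why the story's summary says the temporary patch stops working once the official update arrives; the vendor's new binary simply fails the precondition and is left alone.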

    2. Re:patching without source code by Lunix+Nutcase · · Score: 1

  10. Re:And? by Anonymous Coward · · Score: 0

    Gramps, go back to bed.

  11. Re:And? by Anonymous Coward · · Score: 0

    Because all of the little millennial kids are impressed by it. They are the same people who consider the ability to plug in PC expansion cards, RAM modules or CPUs an indicator of computer expertise.

  12. Malformed EMF file? by Th0th · · Score: 2

    That's unbelievable...

    --
    "BadTimes will make you fall in love with a penguin" - Laika

  13. How's life in the hypocrite lane, gramps?

  14. APK Hosts File Engine 9.0++ SR-7 32/64-bit by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-7 32/64-bit http://www.bing.com/search?q=%22start64.com%22%20and%20%22APK%20Hosts%20File%20Engine%22&qs=n&form=QBRE&sp=-1&pq=%22start64.com%22%20and%20%22apk%20hosts%20file%20engine%22&sc=0-41&sk=&cvid=4E6D0ACAB195467CB44CC4E3AA653148/

    Ads & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * NATIVELY in the IP stack's FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  15. Classic case = installer password bypass or by Anonymous Coward · · Score: 0

    See my subject: Replacing a jne (jump not equal) w/ a noop to bypass passwords for installs etc. - or per my subject, in the case of my own ware here https://tech.slashdot.org/comments.pl?sid=10324921&cid=53984051/ to alter it (changing string resources from MY initials or its name to another) OR to undo its built in antivirus protection.

    I.E. - It does .exe sizechecks to give it what I call "Hyper Alloy Combat Chassis - Microprocessor controlled: Fully Armored, Very Tough" construction in EACH function/procedure for antivirus built in (its executable cannot change size even by 1 byte or it warns it may be altered by program "hackers" looking to do what's in my subject or that it is infected by a 'classical virus' that attaches to the tail end of a program changing jump tables as they do - it shuts itself down @ that point & will NOT run...).

    I built it this way since the program IS actual hacker/cracker & malware/virus/botnet herder's enemy (especially them). It inevitably will be attacked (& why I won't "OpenSORES" it - I don't want a Google EFast on MY conscience).

    Only problem?

    It additionally does jne's 100's of times doing such comparisons vs. attack/infestation/alteration AND 10's of 1,000's more in the very work it does filtering vs. false positives in its data!

    It'd be a LOT of work to undo & undo right. Especially minus step tracing as in the case of a TRUE debugger/disassembler. There are tools others noted here (like hexeditors) that are NOT that but will let you do the job MAYBE in some cases (my methods make those tools backfire & make it a HUGE pain for debuggers too (taking FAR longer, in addition to the fact it does comparisons by TRUCKLOADS beyond the 'antivirus' code built into it)).

    APK

    P.S.=> Executable compression to do that to it on disk (bit less hassle in memory) makes it even MORE difficult! However, admittedly, it is NOT 'impossible' to do - nothing really is, depending on how determined an attacker is & how patient (just takes a LOT more time to do & has to be done JUST right due to sizechecks (making 'hacking it' even MORE difficult/time-consuming)) - much like ASLR in pointers in memory for locations of callstack code, it's a delayer (but imo, more effective due to longer delay due to the fact, again, the code performs TONS of 'jne' in comparison work it does ontop of sizecheck vs. alteration/infection)... apk

  16. So . . by Anonymous Coward · · Score: 0

    . . a third party patches microsoft software because microsoft can't do it on time? Why are people paying for windows again?

  17. Thanks for test & reply... apk by Anonymous Coward · · Score: 0

    See my subject, it's appreciated & I briefly changed to Win7's "AeroGlass" display (iirc, it's not dependent on GDI but rather graphic card DirectX) to hopefully offset or avoid this until patched. Only problem(s) = 100's of mb of memory used (for 'shiny' I don't really require though it IS pretty, & WinKey + tab = cool effect imo in turning on Desktop Window Manager & Themes (usermode slower bulk too in & of themselves))... & yes, it too, imo + experience IS slower vs. std. 'classic' oldschool Windows 9x/2000 style startbar desktop (always reminded me of OS/2 workplace shell desktop).

    * In any event, thanks for letting me know MS will probably HAVE to slow GDI based display up to make this work (unless their coders can outdo/outperform ACROS' folks (it's possible)).

    APK

    P.S.=> "Onwards & UPWARDS!!!" & we'll see (hopefully a BETTER more performant patch from MS - not cutting down ACROS' folks either - @ least THEY had the skills & courage to create this patch, assuming it's not faulty OR malware (we don't know that))... apk

    1. Re: Thanks for test & reply... apk by Anonymous Coward · · Score: 0

      Yes in Vista the DWM stored the memory twice but in 7 it is only on the gpu.

  18. Re:So . . by Errol+backfiring · · Score: 1

    Why are people paying for windows again?

    Because they do not have a choice.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!

  19. no problem by Anonymous Coward · · Score: 0

    I used true old Win XP)

  20. Spyware comes with patch by Anonymous Coward · · Score: 0

    I downloaded the patch, then found it needs an installer, so I downloaded that and read the terms. Am I the only one who reads these things? It says by installing this software you agree to spyware^h^h^h^h^h^h^h telemetry. Needless to say, I did not install.