0Patch Micropatches Issued to Respond to 3 Zero-Day Windows Bug

0Patch has issued a micropatch to tackle three zero-day Windows bugs that have yet to be tackled by Microsoft, including a zero-day distant code execution vulnerability in the Windows Contacts app.

The 0Patch platform allows micropatches to be swiftly dispersed, applied, and unconcerned to/from running procedures without having to restart computers or even restart procedures. The platform is still in beta, even though checking and fine-tuning is nearly at an end. 0Patch has already issued several micropatches to tackle zero-day weaknesses in Microsoft products to assist companies temporarily alleviate vulnerabilities until a complete patch is issued.

The latest round of repairs tackles three lately found vulnerabilities in Microsoft products.

The first patch tackles a fault named AngryPolarBear which was identified by safety researcher SandboxEscaper who circulated a proof-of-concept exploit for the vulnerability in December. Although the vulnerability doesn’t allow distant code execution, an attacker might leverage the weakness to overwrite main system files, which might be utilized in DoS attacks.

The vulnerability lets a local unprivileged procedure to get a selected system file on a weak appliance overwritten in the context of a Windows Error Reporting XML file. The PoC lets the XML file to be substituted with a hard link to the selected target. An attacker will not have much influence over the matter of the XML file but might abuse the fault to corrupt the vital system file pci.sys, and thus avoid the system from booting. The patch halts the XML file from being erased.

The second patch also tackles another vulnerability identified by SandboxEscaper, which has been named readfile. A PoC exploit was also distributed in December. This vulnerability is present in the Windows Installer and might let an attacker get confidential information. The vulnerability can be abused by an unprivileged procedure and lets random files to be read – in the case of the PoC, the desktop.ini file.

The third patch tackles a vulnerability in the Windows Contacts app which, if abused, might result in distant code execution on a vulnerable appliance. The vulnerability fault was identified by ZDI researcher John Page who submitted the fault to Microsoft, which surpassed the 90-day window for delivering a repair. Microsoft has announced that it will not be delivering a repair to rectify the fault, so while micropatches are envisioned to be provisional repairs, this one is likely to be perpetual.

The vulnerability is present in the way that .Contact and .VCF contact information is saved and processed on Windows Vista to Windows 10 OSes. The vulnerability lets the formation of a contact file that has a malevolent payload in a sub-directory, which will be run when the user clicks the link in the contact file.

The Micropatches are supplied via the 0Patch platform which can be fitted free of cost. The Micropatches have been developed for Windows 10 and Windows 7 (for the second two vulnerabilities). Support at 0Patch must be contacted for patches for other susceptible Windows types.