Unpatched Windows Vulnerability Made Public by Google Gets a 3rd Party Fix
Google has recently published the details of a Windows vulnerability that’s yet to get a patch from Microsoft, which means that users running the operating system on their desktops are still exposed to attacks.
A third-party security group called 0patch, created by experts at ACROS Security, released a third-party patch for the Windows gdi32.dll memory disclosure bug in an attempt to address the vulnerability until Microsoft ships a patch. This is projected to happen on March 14 when Microsoft rolls out this month’s Patch Tuesday updates.
The gdi32.dll vulnerability, tracked as CVE-2017-0038, is the first one getting what the group calls a 0patch, which is essentially a fix for a 0day that’s yet to be patched by the vendor.
The security flaw exists in the way the EMF image format is handled by Windows, allowing an attacker to access sensitive data on a vulnerable system. Windows 7, Windows 8.1, and Windows 10 are all affected and getting today’s third-party patch.
"Security concerns"
Users who want to deploy this fix need to download the so-called 0patch Agent, a dedicated application that will automatically receive and deploy third-party patches for zero-days that aren’t fixed by their vendors. Once Microsoft ships its own patch, the unofficial fix is automatically removed, 0patch explains.
“Microsoft will likely fix this issue with their next Patch Tuesday (March 14), so ours is the only patch available in the World until then. We'll also try to micropatch the other 0-day revealed by Google,” the group says.
While a temporary patch certainly comes in handy, especially because Microsoft sometimes needs more time to address the zero-days that are being made public, it remains to be seen how many users actually agree to install these fixes since they do not come from Microsoft itself, given all the security concerns.
At the same time, it’d be interesting to see what the Redmond-based software giant believes about this new effort, so we reached out to the firm to ask whether it recommends that users install these patches or not.
http://news.softpedia.com/news/unpatche ... 3547.shtml
- Whatacrock
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
Microsoft admits mistake, pulls problematic Windows 10 driver
Microsoft pushed out a mysterious driver to Windows users on Wednesday that caused big problems for some.
The driver, listed as "Microsoft -- WPD -- 2/22/2016 12:00:00 AM -- 5.2.5326.4762," wasn’t accompanied by any details, although we knew from the name that it related to Windows Portable Devices and affected users who had phones and tablets connected to the OS.
While the driver was an optional update for Windows 7 and 8.1 users, it was installed automatically for those on Windows 10.
Microsoft today admitted the problem with the driver, saying on the Answers Forum:
An incorrect device driver was released for Windows 10, on March 8, 2017, that affected a small group of users with connected phones or portable devices. After installation, these devices are not detected properly by Windows 10, but are affected in no other way.
We removed the driver from Windows Update the same day, but if the driver had already installed, you may still be having this issue.
If you have yet to install the driver you no longer have to worry about it. If you’re not sure if you have it installed in Windows 10, you can check by going to Settings > Update and Security > Windows Update > Update History, and looking for "Microsoft -- WPD -- 2/22/2016 12:00:00 AM -- 5.2.5326.4762."
On the Answers Forum post, Microsoft lists several methods for removing the driver, starting with using a System Restore Point. It also explains how you can prevent the driver from reinstalling.
https://betanews.com/2017/03/10/microso ... 10-driver/
Re: Microsoft admits mistake, pulls problematic Windows 10 driver
You know what they mean by "small group of users"? (It affected a lot of people who are pissed.)