In December 2018, a security researcher going by the name of SandboxEscaper published details and proof-of-concept (PoC) demo code for two Windows zero-days.
Today, cyber-security firm Acros Security published a temporary patch for the second zero-day, a patch that protects Windows systems against any exploitation attempts.
The temporary patch was released because Microsoft didn't release an official patch for either of the two zero-days during the January Patch Tuesday update window.
The first zero-day, disclosed on December 20, is a vulnerability in the Windows OS ReadFile file that allows malware to read any file they want, regardless of its permissions level.
The second zero-day, disclosed after a week and known online as the "AngryPolarBearBug," is a vulnerability that impacts the Windows Error Reporting (WER) system and allows malware to overwrite and replace any file on the system.
This is the one that received a temporary patch, which users can apply by downloading and installing the 0patch Agent client. The temporary patch is currently available only for 64-bit Windows 10 version 1803, but the company is open to requests if users need the patch for other platforms.
"We're close to issuing a micropatch for ReadFile as well," Mitja Kolsek, CEO of Acros Security, told ZDNet yesterday in an interview.
Kolsek's company has previously released many similar temporary fixes for zero-days that Microsoft didn't fix in time, or did not patch correctly in its first attempts. But usually, the 0patch app has been used to deliver micropatches for Windows versions that have reached End-Of-Life (EOL) and are not receiving official updates from Microsoft anymore.
Only the August zero-day was incorporated in active malware campaigns before it received a fix from Microsoft. The October and December zero-days have not been exploited in the wild, as of yet.
Update, January 21: Today, the 0patch team also released a temporary patch for the first SandboxEscaper zero-day.
More security coverage:
- Some Android GPS apps are just showing ads on top of Google Maps
- Hackers breach and steal data from South Korea's Defense Ministry
- Online stores for governments and multinationals hacked via new security flaw
- Google Chrome extension that steals card numbers still available on Web Store
- Advertising network compromised to deliver credit card stealing code
- WordPress to show warnings on servers running outdated PHP versions
- Twitter messages to Russian cybersecurity firm helped NSA leak probe CNET
- Marriott reveals data breach affecting 500 million hotel guests TechRepublic