Temporary fix available for one of the two Windows zero-days released in December

Microsoft did not issue official fixes during the recent January Patch Tuesday update window.
Written by Catalin Cimpanu, Contributor

In December 2018, a security researcher going by the name of SandboxEscaper published details and proof-of-concept (PoC) demo code for two Windows zero-days.

Today, cyber-security firm Acros Security published a temporary patch for the second zero-day, a patch that protects Windows systems against any exploitation attempts.

The temporary patch was released because Microsoft didn't release an official patch for either of the two zero-days during the January Patch Tuesday update window.

The first zero-day, disclosed on December 20, is a vulnerability in the Windows OS ReadFile file that allows malware to read any file they want, regardless of its permissions level.

The second zero-day, disclosed after a week and known online as the "AngryPolarBearBug," is a vulnerability that impacts the Windows Error Reporting (WER) system and allows malware to overwrite and replace any file on the system.

This is the one that received a temporary patch, which users can apply by downloading and installing the 0patch Agent client. The temporary patch is currently available only for 64-bit Windows 10 version 1803, but the company is open to requests if users need the patch for other platforms.

"We're close to issuing a micropatch for ReadFile as well," Mitja Kolsek, CEO of Acros Security, told ZDNet yesterday in an interview.

Kolsek's company has previously released many similar temporary fixes for zero-days that Microsoft didn't fix in time, or did not patch correctly in its first attempts. But usually, the 0patch app has been used to deliver micropatches for Windows versions that have reached End-Of-Life (EOL) and are not receiving official updates from Microsoft anymore.

SandboxEscaper has released similar zero-days in August and October last year, all of which Microsoft patched a month later --except the December ones.

Only the August zero-day was incorporated in active malware campaigns before it received a fix from Microsoft. The October and December zero-days have not been exploited in the wild, as of yet.

Update, January 21: Today, the 0patch team also released a temporary patch for the first SandboxEscaper zero-day.

Cybercrime and malware, 2019 predictions

More security coverage:

Editorial standards