Two more Windows zero-days get temporary patches

A first zero-day received a temporary fix last week. Now, security researchers release two more patches for two other Windows zero-days.

Temporary patches are now available for all three Windows zero-days that have been disclosed in the past month. A first temporary patch was released last week, and two others followed this week.

The patches have been made available by a third-party security firm after Microsoft did not release official fixes at the start of the month, during its regular January 2019 Patch Tuesday update window.

To install the temporary patches (also called micropatches), users must install the 0patch Agent client from Acros Security.

The 0patch software was initially created for companies that use old Windows versions across their PC fleet, so Acros experts can deploy patches for new bugs affecting old versions of the Windows operating systems that have reached End-Of-Life (EOL) and are not receiving official updates from Microsoft anymore.

However, over the past year, Acros has also been using its 0patch client to deliver temporary patches for security flaws that Microsoft's staff did not get to fix, for one reason or another, during its regular Patch Tuesday update window.

Over the last five days, Acros experts have released three micropatches for the three Windows zero-days for which proof-of-concept (PoC) exploit code has been posted online, opening the window for possible real-world attacks against Windows users.

The three zero-days that have been disclosed over the past month and which have received micropatches are as follows:

| Name | Description | PoC/Demo | Disclosed |
| --- | --- | --- | --- |
| Windows ReadFile 0-day | Malicious code can abuse the Windows ReadFile OS function to read any local file, regardless of the user's permission level. | PoC/Demo | December 20 |
| Windows WER 0-day (aka AngryPolarBug) | Malicious code can overwrite and replace any file on the user's system. | PoC/Demo | December 27 |
| Windows VCF (Contacts) 0-day | Malicious code abuses the way Windows reads vCard files (VCFs) to execute code on the computer with elevated privileges. | PoC/Demo | January 10 |

For now, none of the three Windows zero-days or their respective PoCs have been observed being used in the wild by any malware author or cybercriminal group.

According to security researchers who analyzed the zero-days on Twitter and on security forums in the last month, the main reasons might be that the zero-days either need to be combined with other exploits, aren't always reliable, or can't be used with mass spam distribution campaigns, being only useful in very targeted attacks.
