The list of vulnerabilities addressed by 0patch
“While we’re busy ironing out the wrinkles before 0patch finally exits its adolescence (i.e., Beta) and becomes a fully responsible adult able to pay for its own rent, we did find some time to produce…
“That’s right, at this very moment you can get three 0days on your Windows computer
One of the patches addresses a flaw publicly disclosed last month by the researcher known as SandboxEscaper. The vulnerability could be exploited by an attacker with low privileges to elevate them on the vulnerable system. The expert shared PoC exploit code (deletebug.exe) that deletes critical system files, an operation that requires admin-level privileges.
Security experts noticed that the flaw only affects Windows 10 and recent versions of Windows Server editions because older versions of the Microsoft operating systems don’t implement the Microsoft Data Sharing service.
This vulnerability could be exploited to overwrite important system files and cause a DoS condition.
0patch also released a patch for another flaw disclosed last month by SandboxEscaper. It is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system.
The Windows zero-day flaw affects the “MsiAdvertiseProduct” function, which generates an advertise script or advertises a product to the computer. The MsiAdvertiseProduct function enables the installer to write to a script the registry and shortcut information used to assign or publish a product. The script can be written to be consistent with a specified platform by using MsiAdvertiseProductEx.
According to SandboxEscaper, the lack of proper validation could allow an attacker to force the installer service into making a copy of any file with SYSTEM privileges and read its content.
The third flaw addressed by 0patch was disclosed by the expert John Page via ZDI.
An attacker can create a specially crafted VCard file in which the contact’s website URL field points to a local executable file.
This second file can be sent within a zipped file as an email attachment or delivered via drive-by-download attacks.
When the victim clicks that website URL, the Windows operating system would execute the malicious file without displaying any warning. John Page also published proof-of-concept exploit code for the vulnerability.
Further details on the patches released by 0patch experts, including their code, are available here:
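A defensive check for the VCard issue described above, as an added example that is not code from 0patch, John Page or the original article: it parses a vCard, undoes line folding, and flags website URL values that are local paths or lack an http/https scheme. The scheme allow-list, the function names and the sample cards are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption of this sketch: only web schemes belong in a contact's website URL field.
ALLOWED_SCHEMES = {"http", "https"}
DRIVE_PATH = re.compile(r"^[A-Za-z]:[\\/]")  # e.g. C:\ or C:/

def unfold(text):
    """Undo vCard line folding: a line starting with space/tab continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def url_values(text):
    """Yield the value of every URL property ('URL:', 'URL;TYPE=WORK:', 'item1.URL:')."""
    for line in unfold(text):
        name, sep, value = line.partition(":")
        if sep and name.split(";")[0].split(".")[-1].strip().upper() == "URL":
            yield value.strip()

def classify(value):
    """Return a reason string if the URL value is suspicious, else None."""
    if DRIVE_PATH.match(value) or value.startswith(("\\\\", "/", ".")):
        return "local or UNC path"
    try:
        parts = urlsplit(value)
    except ValueError:
        return "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return f"non-web scheme '{scheme}'" if scheme else "no scheme (relative path)"
    if not parts.netloc:
        return "web scheme without a host"
    return None

def scan_vcard(text):
    """Return [(value, reason)] for every suspicious URL property in the vCard text."""
    return [(v, r) for v in url_values(text) if (r := classify(v))]

# Constructed sample: one benign card, then a card with two path-like URLs (the second is folded).
SAMPLE = "\r\n".join([
    "BEGIN:VCARD", "VERSION:2.1", "FN:Alice Example", "URL;TYPE=WORK:https://example.com/alice", "END:VCARD",
    "BEGIN:VCARD", "VERSION:2.1", "FN:Bob Example", r"URL:C:\Users\Public\viewer.exe",
    r"item1.URL:tools\view", " er.cpl", "END:VCARD",
])
```

Schemeless values such as a bare hostname are flagged too, so expect to review some benign hits when running this over a mail gateway's attachment store.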
(SecurityAffairs – security patches, Microsoft)