Micropatch for Windows 10 zero day

Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day.

Users can apply the temporary patch by downloading and installing the 0patch Agent client.

Micropatch currently available for latest Windows 10 only

The patch is only available for users of 64-bit versions of Windows 10 v1803, Mitja Kolsek, CEO of Acros Security, told Bleeping Computer today via email.

"We're releasing a Windows Server 2016 micropatch tomorrow," Kolsek said.

The company also plans to publish a blog post tomorrow detailing the micropatch's inner workings in more depth, along with its source code, in case companies would like to apply it to their own systems by means other than the 0patch agent.

The company is also looking for suggestions and requests to port the patch to other affected platforms. "We welcome requests for ports to other versions at support@0patch.com," the company said.

Zero-day also affects 32-bit platforms, not just 64-bit

This zero-day surfaced two days ago, on August 29, when a security researcher published proof-of-concept code on GitHub and promoted it on Twitter. The zero-day allows an attacker to elevate the permissions of malicious code running on a user's device from Guest or User level to System access.

The original exploit code published on GitHub was known to work only on 64-bit versions of Windows 10 v1803 and Windows Server 2016.

A day later, on August 29, security researchers Will Dormann and Kevin Beaumont reported that with minor tweaks, the exploit code could be modified to work on 32-bit versions as well.

Microsoft provided a canned response on the matter that didn't say anything useful, as the company usually does with regard to security issues. The OS maker is expected to fix the zero-day vulnerability on September 11, the date of the next Patch Tuesday security updates train.

Two days after its release, there have been no reports of the zero-day being used in the wild by malicious threat actors.

This is not the first time Acros Security has provided a micropatch for a Windows flaw.
