Micropatch for Windows 10 zero day

Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day.

Users can apply the temporary patch by downloading and installing the 0patch Agent client.

Micropatch currently available for latest Windows 10 only

The patch is only available for users of 64-bit versions of Windows 10 v1803, Mitja Kolsek, CEO of Acros Security, told Bleeping Computer today via email.

"We're releasing a Windows Server 2016 micropatch tomorrow," Kolsek said.

The company also plans to publish a blog post tomorrow detailing the micropatch's inner workings in more depth, along with its source code, in case companies would like to apply it to their own systems by means other than the 0patch Agent.

The company is also looking for suggestions and requests to port the patch to other affected platforms. "We welcome requests for ports to other versions at support@0patch.com," the company said.

Zero-day also affects 32-bit platforms, not just 64-bit

This zero-day surfaced two days ago, on August 29, when a security researcher published proof-of-concept code on GitHub and promoted it on Twitter. The zero-day allows an attacker to elevate the permissions of malicious code running on a user's device from Guest or User level to System access.

The original exploit code published on GitHub was known to work only on 64-bit versions of Windows 10 v1803 and Windows Server 2016.

A day later, on August 29, security researchers Will Dormann and Kevin Beaumont reported that with minor tweaks, the exploit code could be modified to work on 32-bit versions as well.

Microsoft provided a canned response on the matter that didn't say anything useful, as the company usually does with regard to security issues, but the OS maker is expected to fix the zero-day vulnerability on September 11, the date of the next Patch Tuesday security updates train.

Two days after its release, there have been no reports of the zero-day being used in the wild by malicious threat actors.

This is not the first time Acros Security has provided a micropatch for a Windows flaw.
