Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day.
Users can apply the temporary patch by downloading and installing the 0patch Agent client.
The patch is only available for users of 64-bit Windows 10 v1803 versions, Mitja Kolsek, CEO of Acros Security, told Bleeping Computer today via email.
"We're releasing a Windows Server 2016 micropatch tomorrow," Kolsek said.
The company also plans to publish a blog post tomorrow detailing the micropatch's inner workings in more depth, along with its source code, in case companies would like to apply it to their own systems by means other than the 0patch Agent.
Blog post is in the making but for the impatient, here's the source code of our micropatch. Three patchlets, one calling RpcImpersonateClient, one removing a premature call to RpcRevertToSelf, and one adding a RpcRevertToSelf call where it should be. Just 4 instructions. pic.twitter.com/PtgsPJiiSO — 0patch (@0patch) August 30, 2018
The company is also looking for suggestions and requests to port the patch to other affected platforms. "We welcome requests for ports to other versions at firstname.lastname@example.org," the company said.
This zero-day surfaced two days ago, on August 29, when a security researcher published proof-of-concept code on GitHub and promoted it on Twitter. The zero-day allows an attacker to elevate the permissions of malicious code running on a user's device from Guest or User level to System access.
The original exploit code published on GitHub was known to work only on 64-bit versions of Windows 10 v1803 and Windows Server 2016.
I can't imagine too many people are interested, but I can confirm that with minor tweaks the public exploit code for the Windows Task Manager ALPC vul works on 32-bit Windows 10 as well. pic.twitter.com/1pf2JU6D2o — Will Dormann (@wdormann) August 28, 2018
Microsoft provided a canned response on the matter that didn't say anything useful, as the company usually does with regard to security issues, but the OS maker is expected to fix the zero-day vulnerability on September 11, the date of the next Patch Tuesday security updates train.
Two days after its release, there have been no reports of the zero-day being used in the wild by malicious threat actors.
This is not the first time Acros Security has provided a micropatch for a Windows flaw.