Security company 0Patch has done what Microsoft hasn’t for Windows 7, the operating system Microsoft recently retired. 0Patch has released a security patch that addresses a vulnerability in Internet Explorer. The patch is incidentally the first of its kind for Windows 7 after it reached its End of Life on January 14, 2020.
Microsoft recently ended official free support for Windows 7 and indicated that it would no longer support Internet Explorer 11 on the obsolete operating system either. The timing has been rather poor because a vulnerability that affects Internet Explorer was discovered after support ended. Incidentally, the security vulnerability has been rated ‘Critical’, which is the highest severity rating.
0Patch Releases Security Patch For Internet Explorer Vulnerability:
A security vulnerability, rated Critical, was discovered right after Microsoft officially ended free support for Windows 7. The company has also ceased to provide critical and security updates for the obsolete Internet Explorer. Incidentally, the critical flaw was discovered in the latest version of the browser (IE11), which is also the last ever version of the default Windows OS web browser.
Microsoft confirmed that it was aware of limited attacks targeting the vulnerability. The company even indicated that administrators should expect a patch to arrive on the second Tuesday of February. The schedule is popularly referred to as Patch Tuesday, and on this day almost all supported versions of Windows OS receive updates that include security improvements and bug fixes.
0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7 https://t.co/XCYDt5KEDY
— Harjit Dhaliwal [MVP] (@Hoorge) January 22, 2020
Incidentally, Microsoft will have to provide the patch for Enterprise customers and businesses that are subscribed to the Extended Security Updates program. The paid support that companies can purchase is valid for three years, with costs increasing every year. The Extended Security Updates (ESU) program is not available for the Windows 7 Home edition.
Interestingly, Microsoft has sent out emergency security updates to unsupported operating systems and platforms in the past year. The company does appear to care for the security of computers that are still running aging or obsolete software platforms. Hence, it is quite likely that Microsoft could make an exception in this case too. However, Windows 7 users who refuse to upgrade to Windows 10 must consider using the services of 0Patch. Additionally, Microsoft has officially released the new Chromium-based Edge web browser, which also works on Windows 7.
How To Install Third-Party Security Patch Updates From 0Patch On Windows 7:
A blog post on the official 0Patch website offers a detailed method for applying the micro-patch. According to the company’s claims, the patch is available and applicable for Windows 7, Windows 10 version 1709, 1803 and 1809, Windows Server 2008 R2, and Windows Server 2019.
Administrators and end-users of operating systems that need the patch, but may not receive it from Microsoft in time, must download the 0Patch Agent from the company’s website. Needless to add, 0Patch offers a free dashboard that can be installed on all Windows PCs.
Interested users must note that 0patch requires an initial account sign-up before the micro-patches can be used. The company does not charge for account creation, but a few patches do cost money. Administrators who run the 0Patch Agent software on their devices may toggle patches on or off in the interface.
After the 0Patch dashboard is installed and an account is synced, data is matched between the local system and the server to determine the patch state of the system. The program lists the patches that are available for free and for purchase in the interface. For the current vulnerability, 0Patch has offered a free patch, which needs to be selected, downloaded and installed.
#darkhotel #0day #exploit
Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. https://t.co/1mbqh1IMDz
— blackorbird (@blackorbird) January 18, 2020
0Patch claims its patch does not cause the side effects that Microsoft’s workaround causes. We had previously reported on the vulnerability and offered a workaround. However, we had cautioned that web applications that make use of jscript.dll could fail to work correctly.