ACROS Security, the makers of 0patch, have announced a micropatch for a newly disclosed zero-day RCE vulnerability affecting Windows. Security researcher John Page published details of the flaw and PoC exploit code after Microsoft failed to patch the problem within ninety days of it being reported.
“The issue was initially reported as related to VCF files (which are by default associated with the Windows Contacts application) but Page subsequently added that CONTACT files (also by default associated with Windows Contacts) can be used to achieve the same,” Mitja Kolsek, CEO of Acros Security and co-founder at 0patch, explained.
The flaw stems from the fact that nearly any string supplied via a CONTACT or VCF file in the website URL or email value ends up being used as an argument to a ShellExecute call. The call attempts to locate the supplied string on the local computer before attempting to open it in the browser. If a malicious executable that has been renamed to that string has found its way onto the user's computer or a network share, the call will trigger its execution.
As it is not yet known when or whether Microsoft will patch the vulnerability, the 0patch team decided to create a micropatch for it.
“We simply added some logic before this call to make sure that if the URL doesn’t start with mailto:, http:// or https://, it gets prepended with http:// to prevent any possible launching of local executables,” Kolsek noted.
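The check Kolsek describes can be sketched in portable C as follows. This is an added example, not 0patch's published micropatch source: the helper names `has_prefix_ci` and `normalize_contact_url`, the case-insensitive scheme match, and the fail-closed handling of oversized input are assumptions made here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive test that s begins with prefix (stops at s's terminator). */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/*
 * Hypothetical helper: copy `in` to `out`, prepending "http://" unless the
 * value already starts with mailto:, http:// or https://, so the string later
 * handed to ShellExecute can no longer resolve to a local or UNC path.
 * Returns 0 on success; on overflow returns -1 and empties `out`, so a
 * truncated string is never passed on.
 */
int normalize_contact_url(const char *in, char *out, size_t outlen)
{
    static const char *const allowed[] = { "mailto:", "http://", "https://" };
    const char *prefix = "http://";
    size_t i;
    int n;

    if (in == NULL || out == NULL || outlen == 0)
        return -1;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (has_prefix_ci(in, allowed[i])) { prefix = ""; break; }

    n = snprintf(out, outlen, "%s%s", prefix, in);
    if (n < 0 || (size_t)n >= outlen) { out[0] = '\0'; return -1; }
    return 0;
}

int main(void)
{
    /* Constructed sample field values, not taken from the PoC. */
    const char *samples[] = { "https://example.com", "mailto:a@example.com",
                              "example.exe", "\\\\server\\share\\example.exe" };
    char buf[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (normalize_contact_url(samples[i], buf, sizeof buf) == 0)
            printf("%-32s -> %s\n", samples[i], buf);
    return 0;
}
```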
The source code for the micropatch has been made public. It is also worth noting that once Microsoft patches the vulnerability, the micropatch will stop applying by itself. 0patch is a solution that aims to patch zero-days, unpatched flaws, and unsupported and end-of-life products, and to provide fixes for legacy operating systems as well as vulnerable third-party components and custom software. Users who wish to apply the micropatch have to install and register the 0patch agent.
ACROS Security has been busy recently creating micropatches for Windows zero-day flaws. In the previous week, they issued micropatches for the “AngryPolarBearBug” and “readfile” zero-days disclosed by the security researcher who goes by the online moniker “SandboxEscaper”.