Three newly discovered vulnerabilities in Windows get a temporary patch. This is not from Microsoft, which has not yet closed the leaks, but from a third party that specialises in this area.
Between December 20 and January 10, three major vulnerabilities were discovered in Windows. The zero-day vulnerabilities allow hackers, among other things, to execute malicious code with increased privileges, or to read files that are normally protected. Microsoft did not have a patch ready for the problems on patch Tuesday, which is not surprising given the timing. After all, the Windows builder has to make sure that a solution to the existing problems does not lead to new problems. Microsoft has burnt itself to death over the last few months.
The result is that the loopholes are basically still open. Security company Acros therefore puts itself in the spotlight with a solution. Arcos built temporary patches for the three problems. They are available through the company’s 0patch agent.
0patch: protection without real patch
0patch is a system in which vulnerabilities are temporarily resolved via real-time patches. They tackle the vulnerable binaries and processes as they are used. We could describe the system as a digital duckttape: a solution that works surprisingly well, but is nevertheless temporary.
Acros initially developed 0patch as a tool to support organizations that want to continue using the old version of Windows. These are no longer supported by Microsoft, as a result of which known vulnerabilities accumulate, and over time hackers can choose between front and back doors to exploit as they wish. With 0patch those leaks were closed on the fly.
What about Microsoft?
Recently, the company has increasingly positioned the solution as a useful tool for current Windows installations. It is a fact that Microsoft needs time to work out a good patch, and on top of that, that patch usually needs to be tested in an enterprise environment as well. With 0patch you can work with a flexible solution. Temporary patches can be switched on or off at the push of a button, without installation, de-installation or reboot. If compatibility problems do occur, they are solved in no time at all.
The 0patch of Windows vulnerability makes you think about Microsoft’s policy. Patch Tuesday is all well and good, but a Microsoft-built flexible solution that would close a leak to the official patch in a way that can be quickly turned on and off would make systems safer without any compatibility issues. What Acros does is a fantastic thing, the only question is why 0patch should come from a third party in an era in which security is more important than ever.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.