0day patch for CVE-2018-8174 available

0patch has released a 0day patch to fix a critical vulnerability (CVE-2018-8174) in the Windows VBScript engine. This will be helpful for users who cannot install the May 2018 security updates due to issues.


Vulnerability CVE-2018-8174

Windows has a critical remote code execution vulnerability, CVE-2018-8174, in the VBScript engine. It apparently caught the attention of Kaspersky security researchers, and also of Chinese security researchers from 360, who reported it to Microsoft. Microsoft writes in its security guidance for CVE-2018-8174:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Hey dude, it's fixed already …

Microsoft's Security TechCenter provides not only details about CVE-2018-8174, but also security updates for Windows 7 through Windows 10 to mitigate this vulnerability. So the issue has been fixed since May 8, 2018.

But wait, that's not all. Some users are facing RDP connection issues due to an inconsistent patch level (caused by the May 2018 security updates). In some scenarios they are forced to (temporarily) remove all May 2018 updates to establish RDP connections.

And I have just mentioned network issues after installing KB4103718/KB4103712 on Windows 7 SP1 or Windows Server 2008 R2 SP1. I've blogged about this in my blog post Windows 7 SP1 network bug (KB4103718/KB4103712).

0patch to mitigate CVE-2018-8174 available

I read today at askwoody.com that ACROS Security released a fix (called 0patch) to mitigate CVE-2018-8174. 0patch is well known for their fixes to mitigate 0-day exploits. Details about CVE-2018-8174 may be found in this 0patch blog post.



1 Response to 0day patch for CVE-2018-8174 available

  1. Chris Pugson says:

    0patch sadly imposes a significant performance hit which probably will not be noticed on newer hardware but hits the likes of Pentium 4 processors hard. I uninstalled 0patch and my 2006-era Windows 7 64-bit system became acceptably fast again. Task Manager does not make it obvious where the hit is. The 0patch processes show little CPU load so it must be hitting other processes.

    It's a shame because I had hopes that 0patch would keep my remaining Windows 7 system reasonably secure after January 2020.
