ACROS Security has released a micropatch for the CVE-2020-1300 (RCE) vulnerability for Windows 7 and Server 2008 R2 (without ESU license). Here is some information about this micropatch.
The CVE-2020-1300 vulnerability
The German BSI already warned of this vulnerability in the summer (see German BSI warns of several critical Windows vulnerabilities). CVE-2020-1300 was announced in June 2020. According to mitre.org, CVE-2020-1300 is a remote code execution vulnerability, also known as the "Windows Remote Code Execution Vulnerability", that occurs when Microsoft Windows does not properly handle cabinet files.
To exploit the vulnerability, an attacker would have to either trick a user into opening a specially crafted cabinet file, or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver. Microsoft's update addresses the vulnerability by correcting how Windows handles cabinet files. The Zero Day Initiative has published an analysis of this vulnerability.
Microsoft released a security update for the affected Windows systems on June 9, 2020, which closes the vulnerability. The fix is included in the Rollup Update for Windows 7 SP1. However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates released by Microsoft.
0patch fix for Windows 7 SP1/Server 2008 R2
ACROS Security has developed a micropatch for the vulnerability CVE-2020-1300. I became aware of the release of the micropatch for Windows 7 SP1 and Windows Server 2008 R2 via Twitter. Further information can be found in the course of these tweets.
This micropatch is now available for 0patch users with a PRO license and has already been applied to all online computers running the 0patch Agent (except in non-standard enterprise configurations). As always, there is no need to restart the computer, and users' work is not interrupted. The analysis of the bug can be found on the Zero Day Initiative blog. For information on how the 0patch Agent works, which loads the micropatches into an application's memory at runtime, please refer to the blog posts I have linked below.
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2