[German]ACROS Security has released a micropatch for the CVE-2021-26877 vulnerability in the Windows Server 2008 R2 DNS server. This vulnerability was patched by Microsoft in March 2021 via a security update. The 0patch solution is for people who do not have an ESU license.
The vulnerability CVE-2021-26877
CVE-2021-26877 is a remote code execution (RCE) vulnerability in Windows DNS Server. Attack compatibility is rated low by Microsoft and no user interaction is required. Microsoft anticipates that the vulnerability is likely to be exploited.
Microsoft has released security updates for Windows Server 2008 R2 through Windows Server 2004 and 20H2 as of March 9, 2021. However, Windows Server 2008 R2 systems will only receive this security update if a valid ESU license is present.
0patch Micropatch for Windows Server 2008 R2
Mitja Kolsek from ACROS Security points out in the following tweet that there is a micropatch for the vulnerability in the DNS server for Windows Server 2008 R2.
The micropatch is available for systems running Windows Server 2008 R2 that do not have Extended Security Update support (ESU) from Microsoft, but do have an opatch Pro subscription (for 23 Euro+VAT/year). Notes on how the 0patch agent works, which loads the micropatches into memory at an application’s runtime, can be found in blog posts (such as here).
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
0patch supports Office 2010 with micro patches after the end of support (EOL)
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
Cookies helps to fund this blog: Cookie settings