In recent months, a number of vulnerabilities and attack mechanisms have become known that could be used to siphon off credentials (NTLM/Kerberos). Not all of these vulnerabilities are easily exploitable, and not all of them have been fully patched by Microsoft. ACROS Security has now decided to close all known and exploitable Windows NTLM/Kerberos vulnerabilities by means of micropatches, and has also completed its micropatch for the DFSCoerce forced authentication issue.
ACROS Security, the security provider founded by Mitja Kolsek, has often been mentioned here on the blog for its micropatches. The company provides free and paid micropatches via the 0patch agent, which loads them into memory at an application's runtime, where they render the vulnerabilities harmless. Notes on how the 0patch agent works can be found in blog posts (such as here).
I came across the above tweet from Mitja Kolsek where he comments on the issue. Due to numerous customer requests, ACROS Security has decided to fix all known exploitable credential sharing (NTLM/Kerberos) issues in Windows. This even applies to cases where the attacker needs credentials with low privileges (which can be assumed in any larger network). Kolsek then provides an overview of the current status on Twitter.
For example, a bug in the print spooler that allows privilege escalation is closed with a micropatch. Other micropatches address the following vulnerabilities:
- "PetitPotam" (CVE-2021-36942)
- RemotePotato0 (unfixed)
On July 1, 2022, they released a micropatch for the "DFSCoerce" 0-day vulnerability (described on Twitter and GitHub). Microsoft's code correctly checks whether the user has access, but still initiates authentication with the attacker's server.