{"id":13660,"date":"2020-03-14T02:50:58","date_gmt":"2020-03-14T01:50:58","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13660"},"modified":"2023-03-23T19:11:12","modified_gmt":"2023-03-23T18:11:12","slug":"0patch-fix-for-windows-installer-flaw-cve-2020-0683","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/03\/14\/0patch-fix-for-windows-installer-flaw-cve-2020-0683\/","title":{"rendered":"0patch: Fix for Windows Installer flaw CVE-2020-0683"},"content":{"rendered":"

[German<\/a>]ACROS Security has released a micro-patch for its 0patch agent that fixes the Privilege Escalation vulnerability CVE-2020-0683 in the Windows Installer. The micro-fix is available for users of Windows 7 SP1 and Windows Server 2008 R2 who have not purchased the corresponding ESU package from Microsoft but have purchased support from ACROS Security. <\/p>\n

<\/p>\n

The Windows Installer vulnerability CVE-2020-0683<\/h2>\n

\"\"A privilege escalation vulnerability exists in the Windows Installer, which has been assigned the identifier CVE-2020-0683  and has been publicly disclosed since February 2020. The Common Vulnerabilities and Exposures database (CVE) contains the following details:<\/p>\n

\n

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.<\/p>\n<\/blockquote>\n

When handling symbolic links during the processing of MSI installation packages, privileges may be increased. Packet Storm Security has published some details in this document<\/a> – Mc Afee links all information here<\/a>.  <\/p>\n

Microsoft released updates in Feb. 2020<\/h2>\n

Microsoft classifies the exploitability of the vulnerability in this document<\/a> as 'low'. This is because an attacker would have to log on to the system first. Only then could he execute a specially crafted MSI application to exploit the privilege escalation vulnerability. But then he could add or remove files.  <\/p>\n

On February 11, 2020, Microsoft published updates for Windows 7, Windows 8.1, and all versions of Windows 10, as well as the Windows Server counterparts, on the Windows Installer Elevation of Privilege Vulnerability support page CVE-2020-0683<\/a>.  <\/p>\n

\"Screenshot\"<\/a>
(Click to zoom<\/a>)<\/p>\n

0patch releases Micro Patch for CVE-2020-0683 <\/h2>\n

However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates that are released by Microsoft. Since there is an exploit, the people at ACROS Security have developed a micro-fix for the vulnerability. <\/p>\n

\n

We have just released a micropatch for CVE-2020-0683, a privilege escalation in Windows Installer for which a POC is publicly available (https:\/\/t.co\/0yNhCM4mJV<\/a>). This micropatch is targeted at our Windows 7 and Windows Server 2008 R2 users without Extended Security Updates. pic.twitter.com\/quYWLsj6Ia<\/a><\/p>\n

\u2014 0patch (@0patch) March 12, 2020<\/a><\/p><\/blockquote>\n