{"id":14800,"date":"2020-06-18T00:09:00","date_gmt":"2020-06-17T22:09:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14800"},"modified":"2020-06-17T19:57:29","modified_gmt":"2020-06-17T17:57:29","slug":"0patch-fixt-cve-2020-1281-in-windows-7-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/06\/18\/0patch-fixt-cve-2020-1281-in-windows-7-server-2008-r2\/","title":{"rendered":"0patch fixes CVE-2020-1281 in Windows 7\/Server 2008 R2"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" title=\"win7\" style=\"border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; float: left; margin: 0px 10px 0px 0px; display: inline; border-top-width: 0px\" border=\"0\" alt=\"win7\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2012\/03\/win7_thumb1.jpg\" width=\"44\" align=\"left\" height=\"42\"> [<a href=\"https:\/\/www.borncity.com\/blog\/?p=232721\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] ACROS Security has released a micropatch for the vulnerability CVE-2020-1281 in Windows OLE of Windows 7 and Server 2008 R2 (without ESU license).<\/p>\n<p><!--more--><\/p>\n<h2>The vulnerability CVE-2020-1281<\/h2>\n<p><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1281\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1281<\/a> is a Remote Code Execution (RCE) vulnerability that exists because Microsoft Windows OLE does not properly validate user input. An attacker could exploit this vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a program from a Web page or e-mail message.
<\/p>\n<p>Microsoft describes the vulnerability in <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1281\" target=\"_blank\" rel=\"noopener noreferrer\">this document<\/a> and released security updates for Windows 7 through Windows 10 on June 9, 2020. However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates that are released by Microsoft.  <\/p>\n<h2>0patch fix for Windows 7 SP1\/Server 2008 R2<\/h2>\n<p>ACROS Security has developed a micropatch for the vulnerability CVE-2020-1281. Mitja Kolsek from ACROS Security informed me privately that the micropatch for Windows 7 SP1 and Windows Server 2008 R2 has been released. There is now also a message on Twitter.&nbsp; <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1281, an integer overflow vulnerability in Windows OLE marshalling that could allow a remote attacker to execute arbitrary code on user's computer. <a href=\"https:\/\/t.co\/38I1jN4M9K\">pic.twitter.com\/38I1jN4M9K<\/a><\/p>\n<p>\u2014 0patch (@0patch) <a href=\"https:\/\/twitter.com\/0patch\/status\/1272898443107880963?ref_src=twsrc%5Etfw\">June 16, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>In further <a href=\"https:\/\/twitter.com\/0patch\/status\/1272898443107880963\" target=\"_blank\" rel=\"noopener noreferrer\">follow-up tweets<\/a> as well as in <a href=\"https:\/\/blog.0patch.com\/2020\/06\/micropatch-is-available-for-ms-windows.html\" target=\"_blank\" rel=\"noopener noreferrer\">this blog post<\/a> ACROS Security gives further explanations about the vulnerability and the micropatch. This patch is available for subscribers of the Pro and Enterprise versions. 
For information on how the 0patch agent works (it loads the micropatches into memory at runtime of an application), see the blog posts linked below (e.g. <a href=\"https:\/\/borncity.com\/win\/2020\/03\/05\/windows-7-securing-with-the-0patch-solution-part-2\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>).<\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2020\/03\/05\/windows-7-forcing-february-2020-security-updates-part-1\/\">Windows 7: Forcing February 2020 Security Updates<\/a> \u2013 Part 1<br \/><a href=\"https:\/\/borncity.com\/win\/2020\/03\/05\/windows-7-securing-with-the-0patch-solution-part-2\/\">Windows 7: Securing with the 0patch solution<\/a> \u2013 Part 2<br \/><a href=\"https:\/\/borncity.com\/win\/2019\/09\/22\/windows-7-server-2008-r2-0patch-liefert-sicherheitspatches-nach-supportende\/\">Windows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/30\/project-windows-7-server-2008-r2-life-extension-0patch-one-month-trial\/\">Project: Windows 7\/Server 2008\/R2 Life Extension &amp; 0patch one month trial<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/21\/0patch-fix-for-internet-explorer-0-day-vulnerability-cve-2020-0674\/\">0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/03\/14\/0patch-fix-for-windows-installer-flaw-cve-2020-0683\/\">0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/03\/20\/0patch-fix-for-windows-gdi-vulnerability-cve-2020-0881\/\">0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/03\/24\/0-day-vulnerability-in-windows-adobe-type-library\/\">0-day vulnerability in Windows Adobe Type Library<\/a><br \/><a
href=\"https:\/\/borncity.com\/win\/2020\/04\/23\/0patch-fixt-cve-2020-0687-in-windows-7-server-2008-r2\/\">0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/05\/21\/0patch-fixes-cve-2020-1048-in-windows-7-server-2008-r2\/\">0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/05\/27\/0patch-fixt-cve-2020-1015-in-windows-7-server-2008-r2\/\">0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]ACROS Security&nbsp; has released a micropatch for the vulnerability CVE-2020-1281 in Windows OLE of Windows 7 and Server 2008 R2 (without ESU license).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[991,2487,1079,17,18],"class_list":["post-14800","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-0patch","tag-cve-2020-1281","tag-sicherheit","tag-windows-7","tag-windows-server-2008-r2"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14800"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14800\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=148
00"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}