Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

    Posted on May 15th, 2018 at 09:45 by woody

    This isn’t an endorsement.

    If you read my summary of this month’s patches, you’ll recall that there’s one potentially important patch:

    Microsoft released an explanation for the one “critical” Windows patch this month that is being actively exploited — a zero-day. Called CVE-2018-8174, the security hole involves the way Internet Explorer (mis)handles VBScript programs.

    That’s the one big security hole staring at us so far this month. I still haven’t heard of any exploits other than the ones identified by Kaspersky and Qihoo 360 (remember – they involved PDF files in Yiddish/Hebrew sent to Chinese organizations), but it’s still a potential problem.

    And then Microsoft screwed up the Windows 7 patches this month, breaking networks on some Win7 systems.

    Given the current state of affairs, you can either fix the VBScript 0day and possibly break your network card in the process, or you can avoid the update entirely until Microsoft finally fixes it. Whenever that may be.

    I was surprised to discover that 0patch, a well regarded patching platform from ACROS Security, now has a free patch available that plugs the 0day hole by simply, well, plugging the 0day hole. What a novel idea. Microsoft should do that… he says, tongue planted firmly in cheek.

    I’m NOT recommending that you run out and install the 0patch patch. It always gives me the willies when I see a non-Microsoft product offered to fix a Microsoft bug. But in this case, if you read the description, the analyst there who wrote the patch (Mitja Kolsek) knows what he’s doing.

    So rather than recommend that patch, I’m putting out a feeler to see if any of you have installed this patch — or if you have experience with other 0patch patches.

    Whaddya think?


    This topic contains 19 replies, has 14 voices, and was last updated by  Microfix 2 months, 1 week ago.

    • #192503 Reply

      Seff
      AskWoody Lounger

      I wouldn’t personally be tempted by an independent patch.

      First, I don’t know the supplier of the patch and therefore wouldn’t want to risk them compromising my machine for their own ends.

      Second, I would be concerned about future compatibility problems once Microsoft issue their own patch related to this, or indeed all future patches generally.

      4 users thanked author for this post.
      • #192550 Reply

        Microfix
        AskWoody MVP

        To add to seff’s comment, my initial concerns were:

        1. How would these fixes be undone to revert to default? No method available as a failsafe should something go wrong, other than system restore/image/registry backup, etc.

        2. How do these 3rd party patches affect the system integrity? sfc /scannow (verifyonly..etc)

        3. When an MS patch IS released to fix the issue, who's to say that the system couldn't be broken due to the 3rd party patch already being on the system? (No method of removal.)

        Edit: does have an installer/ uninstaller

        There’s just too many unknowns for people without VM’s and I’d happily advise those without a Windows VM not to use 3rd party patches, not everyone is a technical expert.

        Wait…MS will fix it (fingers crossed, based on last 5 months anyway)

        | 2x Group A- W8.1 | Group A+ Linux Hybrid | Group W W7 Pro | Group W XP Pro
          No problem can be solved from the same level of consciousness that created IT - AE
        • #192710 Reply

          ky41083
          AskWoody Lounger

          2. How do these 3rd party patches affect the system integrity? sfc /scannow (verifyonly..etc)

          0patch does not in any way affect filesystem integrity. It is strictly a memory patcher, i.e. all patching happens in RAM only, on demand (when the code to be patched is called into RAM). This is why patching & unpatching with 0patch is more or less instant, and extremely safe.

          Edit: does have an installer/ uninstaller

          There’s just too many unknowns for people without VM’s and I’d happily advise those without a Windows VM not to use 3rd party patches, not everyone is a technical expert. Wait…MS will fix it (fingers crossed, based on last 5 months anyway) 

          Normally I would not recommend 3rd party patches either, but 0patch is an extremely well structured, organized, and tested solution. Honestly, it’s exactly how every vendor should quickly roll out patches for in the wild exploits. Instant apply / unapply, in memory only, nothing is ever permanently modified, I could go on all day…

          Patches from other sources, especially in persistent “modify on disk data” form, I would avoid like the plague.

          2 users thanked author for this post.
          • #192724 Reply

            Microfix
            AskWoody MVP

            all patching happens in RAM only, on demand (when the code to be patched is called into RAM). This is why patching & unpatching with 0patch is more or less instant, and extremely safe.

            Problem I have with this is, Spectre/ Spectre v2 and possible sideband violations/ exploitations. I’ve never needed or used 3rd party OS patches to be safe online (trusting my instincts). Thanks for the explanation and hope others can do what they think is right.

            Honestly, it’s exactly how every vendor should quickly roll out patches for in the wild exploits. Instant apply / unapply, in memory only, nothing is ever permanently modified, I could go on all day…

            I could not agree more 🙂

            | 2x Group A- W8.1 | Group A+ Linux Hybrid | Group W W7 Pro | Group W XP Pro
              No problem can be solved from the same level of consciousness that created IT - AE
            1 user thanked author for this post.
    • #192508 Reply

      anonymous

      Sooo, who here still uses Internet Explorer anyway?

      <crickets>

      1 user thanked author for this post.
      • #192510 Reply

        PKCano
        AskWoody MVP

        Your Windows (any version) computer does!!

        Even if you do not use it for your browser, it is integrated into and used by the Windows Operating System. If you leave it unpatched, you are leaving your computer unpatched and not secure.

        5 users thanked author for this post.
        • #192535 Reply

          AlexN
          AskWoody Lounger

          On one computer I owned, I managed to completely obliterate IE from the system.

          Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
          A weatherman that can code

          • #192552 Reply

            Microfix
            AskWoody MVP

            On one computer I owned, I managed to completely obliterate IE from the system.

            So did I….by installing linux

            | 2x Group A- W8.1 | Group A+ Linux Hybrid | Group W W7 Pro | Group W XP Pro
              No problem can be solved from the same level of consciousness that created IT - AE
            2 users thanked author for this post.
        • #192530 Reply

          anonymous

          Did you apply that patch yourself?

      • #192546 Reply

        dononline
        AskWoody Lounger

        I do.

    • #192517 Reply

      gborn
      AskWoody MVP

      0patch has long been in business and has provided a couple of useful patches in the past (I've blogged several times about their solutions). If you are facing the situation where you can either leave your machine vulnerable or close the vulnerability but have no network, then 0patch can be a solution – imho.

      4 users thanked author for this post.
    • #192520 Reply

      Barry
      AskWoody Lounger

      No Thanks

      I have no problem waiting for MS to release a patch.

      Barry


    • #192559 Reply

      Cascadian
      AskWoody Lounger

      I am very appreciative for your efforts to give information that is available, even when it does not quite meet the high standard of an endorsement. I think you did everything you could in plain language to say here is an available option.

      I also liked the implied (inferred by me) idea that if it can be patched, it could have been patched by the responsible owner of my licensed copy of the operating system. Thanks for dispersing the information to us.

      4 users thanked author for this post.
    • #192595 Reply

      Bob99
      AskWoody Lounger

      On one of the other threads here on AskWoody, I found a link to an MS blog page that describes (from 2017, I believe) how to disable VBScript within IE. It's simply a matter of changing two registry entries or using GPEdit to do the same, depending on your flavor of Windows.

      BTW, the thread was from two or three weeks ago. The link leads to a Microsoft blog page, wherein the blogger (an employee from MS no less!) describes the “new feature” wherein one can disable VBScript within Win 10 and below. For some editions, you use regedit. For others, you use GPEdit.

      I run Win7Pro 64 bit SP1, and had to use the regedit method because the entry didn’t exist when I went to GPEdit.

      Can one of the MVPs dig up the post and copy/paste the link here on this thread?

      I would think that disabling VBScript within IE would be a good workaround until MS stops breaking folks’ networking with 4103718 later this month.

    • #192620 Reply

      columbia2011
      AskWoody Lounger

      Colleagues, is the fix for this vulnerability not included in the May cumulative update for IE11?

      • #192648 Reply

        anonymous

        It is included in this month’s security rollup update. However, on several machines, installing the update removes network card drivers without reinstalling them successfully thereby rendering them unable to reach the Internet or any network for communications and for re-downloading fixes for the error.

        This month’s security only update also exhibits the same behavior of removing and not reinstalling the network card driver(s) successfully.

        At the moment, I don’t recall if this unwanted behavior is limited to Windows 7 machines or if it’s also present in this month’s updates for Windows 8/8.1 and Windows 10.

        1 user thanked author for this post.
