Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

Topic

New Reply

This isn’t an endorsement. If you read my summary of this month’s patches, you’ll recall that there’s one potentially important patch: Microsoft relea
[See the full post at: Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch]

1 user thanked author for this post.

Cascadian

Reply | Quote

Replies

I wouldn’t personally be tempted by an independent patch.

First, I don’t know the supplier of the patch and therefore wouldn’t want to risk them compromising my machine for their own ends.

Second, I would be concerned about future compatibility problems once Microsoft issue their own patch related to this, or indeed all future patches generally.

4 users thanked author for this post.

jburk07, columbia2011, CyGuy, Microfix

Reply | Quote

To add to seff’s comment, my initial concerns were:

1. How would these fixes be undone to revert to default? no method available as a failsafe should something go wrong..other than system restore/ image/ registry backup etc..

2. How do these 3rd party patches affect the system integrity? sfc /scannow (verifyonly..etc)

3. When an MS patch IS released to fix the issue, whos to say that the system couldn’t be broken due to the 3rd party patch already being on the system. (no method of removal)

Edit: does have an installer/ uninstaller

There’s just too many unknowns for people without VM’s and I’d happily advise those without a Windows VM not to use 3rd party patches, not everyone is a technical expert.

Wait…MS will fix it (fingers crossed, based on last 5 months anyway)

Keeping IT Lean, Clean and Mean!

Reply | Quote

Microfix wrote:

2. How do these 3rd party patches affect the system integrity? sfc /scannow (verifyonly..etc)

0patch does not in any way effect filesystem integrity. It is strictly a memory patcher, i.e. all patching happens in RAM only, on demand (when the code to be patched is called into RAM). This is why patching & unpatching with 0patch is more or less instant, and extremely safe.

Microfix wrote:

Edit: does have an installer/ uninstaller

There’s just too many unknowns for people without VM’s and I’d happily advise those without a Windows VM not to use 3rd party patches, not everyone is a technical expert. Wait…MS will fix it (fingers crossed, based on last 5 months anyway) 

Normally I would not recommend 3rd party patches either, but 0patch is an extremely well structured, organized, and tested solution. Honestly, it’s exactly how every vendor should quickly roll out patches for in the wild exploits. Instant apply / unapply, in memory only, nothing is ever permanently modified, I could go on all day…

Patches from other sources, especially in persistent “modify on disk data” form, I would avoid like the plague.

2 users thanked author for this post.

columbia2011, Microfix

Reply | Quote

ky41083 wrote:

all patching happens in RAM only, on demand (when the code to be patched is called into RAM). This is why patching & unpatching with 0patch is more or less instant, and extremely safe.

Problem I have with this is, Spectre/ Spectre v2 and possible sideband violations/ exploitations. I’ve never needed or used 3rd party OS patches to be safe online (trusting my instincts). Thanks for the explanation and hope others can do what they think is right.

ky41083 wrote:

Honestly, it’s exactly how every vendor should quickly roll out patches for in the wild exploits. Instant apply / unapply, in memory only, nothing is ever permanently modified, I could go on all day…

I could not agree more 🙂

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

ky41083

Reply | Quote

Sooo, who here still uses Internet Explorer anyway?

<crickets>

1 user thanked author for this post.

anita.yk

Reply | Quote

Your Windows (any version) computer does!!

Even if you do not use it for your browser, it is integrated into and used by the Windows Operating System. If you leave it unpatched, you are leaving your computer unpatched and not secure..

5 users thanked author for this post.

walker, AusJohn, Cascadian, woody, jburk07

Reply | Quote

On one computer I owned, I managed to completely obliterate IE from the system.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

AlexN wrote:

On one computer I owned, I managed to completely obliterate IE from the system.

So did I….by installing linux

Keeping IT Lean, Clean and Mean!

2 users thanked author for this post.

anita.yk, Cascadian

Reply | Quote

Did you apply that patch yourself?

Reply | Quote

I do.

Reply | Quote

0patch is long in business and provided a couple of useful patches in the past (I’ve blogged several times about their solutions). If you are facing the situation that you can leave your machine vulnerable or closing the vulnerability but haven’t a network, then 0patch can be a solution – imho.

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

4 users thanked author for this post.

Cascadian, woody, Karlston, jburk07

Reply | Quote

No Thanks

I have no problem waiting for MS to release a patch.

Barry

Barry
Windows 11 v22H2

Reply | Quote

I am very appreciative for your efforts to give information that is available, even when it does not quite meet the high standard of an endorsement. I think you did everything you could in plain language to say here is an available option.

I also liked the implied inferred by me idea that if it can be patched, it could have been patched by the responsible owner of my licensed copy operating system. Thanks for dispersing the information to us.

4 users thanked author for this post.

anita.yk, columbia2011, Seff, Microfix

Reply | Quote

On one of the other threads here on Askwoody, I found a link to an MS blog page that describes (from 2017, I believe) how to disable VBscript within IE. It’s simply a matter of changing two registry entries or using GPEdit to do the same, depending on your flavor of Windows.

BTW, the thread was from two or three weeks ago. The link leads to a Microsoft blog page, wherein the blogger (an employee from MS no less!) describes the “new feature” wherein one can disable VBScript within Win 10 and below. For some editions, you use regedit. For others, you use GPEdit.

I run Win7Pro 64 bit SP1, and had to use the regedit method because the entry didn’t exist when I went to GPEdit.

Can one of the MVP’s dig up the post and copy/paste the link here on this thread?

I would think that disabling VBScript within IE would be a good workaround until MS stops breaking folks’ networking with 4103718 later this month.

Reply | Quote

All, not sure exactly what or where it was posted in 2017 but how about this link at Microsoft support:

https://support.microsoft.com/en-us/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet

Interesting that it was last updated on Apr 20, 2018

Another Microsoft link describing new group policy settings for IE11:

https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11

This one’s dated 7/27/2017

 

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

@Bob99 Is https://support.microsoft.com/en-us/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet what you were referrering to?

Reply | Quote

@bob99 posting anonymously here. Yes, both you and @RDRguy just above you posted the link I was referring to. Thanks for digging it up! It just might help someone reduce their stress level by disabling VBScript within IE and being able to wait for MS to fix the faulty patch instead of worrying about getting a malware infection because they can’t go without networking.

However, before we go too far down this road, the following question bears asking:

@abbodi86 , @CH100 , @MrBrian , is the above method of disabling VBScript within IE a valid workaround for the VBScript zero day vulnerability that’s allegedly fixed by this month’s faulty security only patches and security rollups?

Reply | Quote

Colleagues, is fix for this vulnerability not included in the May cumulative update for IE11?

Reply | Quote

It is included in this month’s security rollup update. However, on several machines, installing the update removes network card drivers without reinstalling them successfully thereby rendering them unable to reach the Internet or any network for communications and for re-downloading fixes for the error.

This month’s security only update also exhibits the same behavior of removing and not reinstalling the network card driver(s) successfully.

At the moment, I don’t recall if this unwanted behavior is limited to Windows 7 machines or if it’s also present in this month’s updates for Windows 8/8.1 and Windows 10.

1 user thanked author for this post.

columbia2011

Reply | Quote