• Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

    Home » Forums » Newsletter and Homepage topics » Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

    • This topic has 19 replies, 14 voices, and was last updated 5 years ago.
    Author
    Topic
    #192490

    This isn’t an endorsement. If you read my summary of this month’s patches, you’ll recall that there’s one potentially important patch: Microsoft relea
    [See the full post at: Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch]

    1 user thanked author for this post.
    Viewing 6 reply threads
    Author
    Replies
    • #192503

      I wouldn’t personally be tempted by an independent patch.

      First, I don’t know the supplier of the patch and therefore wouldn’t want to risk them compromising my machine for their own ends.

      Second, I would be concerned about future compatibility problems once Microsoft issue their own patch related to this, or indeed all future patches generally.

      4 users thanked author for this post.
      • #192550

        To add to seff’s comment, my initial concerns were:

        1. How would these fixes be undone to revert to default? no method available as a failsafe should something go wrong..other than system restore/ image/ registry backup etc..

        2. How do these 3rd party patches affect the system integrity? sfc /scannow (verifyonly..etc)

        3. When an MS patch IS released to fix the issue, whos to say that the system couldn’t be broken due to the 3rd party patch already being on the system. (no method of removal)

        Edit: does have an installer/ uninstaller

        There’s just too many unknowns for people without VM’s and I’d happily advise those without a Windows VM not to use 3rd party patches, not everyone is a technical expert.

        Wait…MS will fix it (fingers crossed, based on last 5 months anyway)

        Keeping IT Lean, Clean and Mean!
        • #192710

          2. How do these 3rd party patches affect the system integrity? sfc /scannow (verifyonly..etc)

          0patch does not in any way effect filesystem integrity. It is strictly a memory patcher, i.e. all patching happens in RAM only, on demand (when the code to be patched is called into RAM). This is why patching & unpatching with 0patch is more or less instant, and extremely safe.

          Edit: does have an installer/ uninstaller

          There’s just too many unknowns for people without VM’s and I’d happily advise those without a Windows VM not to use 3rd party patches, not everyone is a technical expert. Wait…MS will fix it (fingers crossed, based on last 5 months anyway) 

          Normally I would not recommend 3rd party patches either, but 0patch is an extremely well structured, organized, and tested solution. Honestly, it’s exactly how every vendor should quickly roll out patches for in the wild exploits. Instant apply / unapply, in memory only, nothing is ever permanently modified, I could go on all day…

          Patches from other sources, especially in persistent “modify on disk data” form, I would avoid like the plague.

          2 users thanked author for this post.
          • #192724

            all patching happens in RAM only, on demand (when the code to be patched is called into RAM). This is why patching & unpatching with 0patch is more or less instant, and extremely safe.

            Problem I have with this is, Spectre/ Spectre v2 and possible sideband violations/ exploitations. I’ve never needed or used 3rd party OS patches to be safe online (trusting my instincts). Thanks for the explanation and hope others can do what they think is right.

            Honestly, it’s exactly how every vendor should quickly roll out patches for in the wild exploits. Instant apply / unapply, in memory only, nothing is ever permanently modified, I could go on all day…

            I could not agree more 🙂

            Keeping IT Lean, Clean and Mean!
            1 user thanked author for this post.
    • #192508

      Sooo, who here still uses Internet Explorer anyway?

      <crickets>

      1 user thanked author for this post.
    • #192517

      0patch is long in business and provided a couple of useful patches in the past (I’ve blogged several times about their solutions). If you are facing the situation that you can leave your machine vulnerable or closing the vulnerability but haven’t a network, then 0patch can be a solution – imho.

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      4 users thanked author for this post.
    • #192520

      No Thanks

      I have no problem waiting for MS to release a patch.

      Barry

      Barry
      Windows 11 v22H2

    • #192559

      I am very appreciative for your efforts to give information that is available, even when it does not quite meet the high standard of an endorsement. I think you did everything you could in plain language to say here is an available option.

      I also liked the implied inferred by me idea that if it can be patched, it could have been patched by the responsible owner of my licensed copy operating system. Thanks for dispersing the information to us.

      4 users thanked author for this post.
    • #192595

      On one of the other threads here on Askwoody, I found a link to an MS blog page that describes (from 2017, I believe) how to disable VBscript within IE. It’s simply a matter of changing two registry entries or using GPEdit to do the same, depending on your flavor of Windows.

      BTW, the thread was from two or three weeks ago. The link leads to a Microsoft blog page, wherein the blogger (an employee from MS no less!) describes the “new feature” wherein one can disable VBScript within Win 10 and below. For some editions, you use regedit. For others, you use GPEdit.

      I run Win7Pro 64 bit SP1, and had to use the regedit method because the entry didn’t exist when I went to GPEdit.

      Can one of the MVP’s dig up the post and copy/paste the link here on this thread?

      I would think that disabling VBScript within IE would be a good workaround until MS stops breaking folks’ networking with 4103718 later this month.

    • #192620

      Colleagues, is fix for this vulnerability not included in the May cumulative update for IE11?

      • #192648

        It is included in this month’s security rollup update. However, on several machines, installing the update removes network card drivers without reinstalling them successfully thereby rendering them unable to reach the Internet or any network for communications and for re-downloading fixes for the error.

        This month’s security only update also exhibits the same behavior of removing and not reinstalling the network card driver(s) successfully.

        At the moment, I don’t recall if this unwanted behavior is limited to Windows 7 machines or if it’s also present in this month’s updates for Windows 8/8.1 and Windows 10.

        1 user thanked author for this post.
    Viewing 6 reply threads
    Reply To: Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: