Topic: Zero day for Windows 7 @ AskWoody

Zero day for Windows 7

Posted on Susan Bradley Comment on the AskWoody Lounge
Home › Forums › AskWoody blog › Zero day for Windows 7

Tagged: 0patch, Patch Lady Posts, Zero Day
- This topic has 12 replies, 4 voices, and was last updated 1 month, 2 weeks ago by anonymous.
Viewing 8 reply threads
- Author
  
  Posts
- - November 25, 2020 at 12:11 pm #2314368
    
    Susan Bradley
    Manager
    
    Bleeping computer reports that O-patch is releasing a fix for a zero day in Windows 7 and server 2008 R2. I haven’t yet seen an out of band patch rele
    [See the full post at: Zero day for Windows 7]
    
    Susan Bradley Patch Lady
    
    10 users thanked author for this post.
    
    M. Paquet, jburk07, abbodi86, lmacri, Nibbled To Death By Ducks, Elly, Pim, Moonbear, GreatAndPowerfulTech, Alex5723
    
    Reply | Quote
  - November 25, 2020 at 1:22 pm #2314389
    Moonbear
    AskWoody Lounger
    
    If a local non-admin account is being used, all registry changes require running regedit as Admin. Does this zero day also bypass the UAC as well?
    
    This reply was modified 1 month, 3 weeks ago by Moonbear.
    
    1 user thanked author for this post.
    
    Charlie
    
    Reply | Quote
    - November 26, 2020 at 12:00 am #2315004
      
      Susan Bradley
      Manager
      
      As I’m reading this, it won’t show or pop UAC. “If a normal user is able to modify an existing service then he/she can execute arbitrary code in the context of LOCAL/NETWORK SERVICE or even LOCAL SYSTEM.
      
      Susan Bradley Patch Lady
      
      2 users thanked author for this post.
      
      M. Paquet, Moonbear
      
      Reply | Quote
  - November 25, 2020 at 6:43 pm #2314448
    
    Nibbled To Death By Ducks
    AskWoody Plus
    
    “…expected to be twice the price?” Ow.
    
    If MS’s offshore support is any indicator, 0Patch may be looking more attractive, even tho THEIR support is email only, from what I can see…
    
    Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
    --
    "A committee is the only known form of life that can have least four legs and no brain."
    
    -Robert Heinlein
    
    Reply | Quote
    - November 25, 2020 at 11:50 pm #2315003
      
      Susan Bradley
      Manager
      
      Yes, they actually stated this last year. Approx $60 for year one, $120ish for year two and so on.
      
      Susan Bradley Patch Lady
      
      1 user thanked author for this post.
      
      Nibbled To Death By Ducks
      
      Reply | Quote
      
      November 26, 2020 at 12:22 am #2315014
      
      Nibbled To Death By Ducks
      AskWoody Plus
      
      Yup, now that I search my memory, you’re right. This year has gone by like lightning for me.
      
      Question:
      
      I know it’s “just” a vuln, and there’s nothing in the wild yet, but Sergiu’s knowledge of it seems to be more than enough to go to MITRE Corp. or the CNA and get a CVE assigned to it. I’ve read the paper on how CVE’s get assigned, and it seems all the criteria are met:
      
      https://cve.mitre.org/CVEIDsAndHowToGetThem.pdf
      
      Has the holiday thrown a wrench into that process? Would it even help get Redmond off their duff on this one? Is it necessary or prudent to get a CVE on it ASAP? Seems so to me, but I don’t have the knowledge base for how all the gears and cogs work on this sort of thing as a practical matter. The .PDF seems straightforward in theory, but then there’s the real world…
      
      Just curious.
      
      Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
      --
      "A committee is the only known form of life that can have least four legs and no brain."
      
      -Robert Heinlein
      
      1 user thanked author for this post.
      
      Moonbear
      
      Reply | Quote
  - November 26, 2020 at 1:40 am #2315027
    
    Alex5723
    AskWoody Plus
    
    Nibbled To Death By Ducks wrote:
    
    “…expected to be twice the price?” Ow.
    
    According to Microsoft first year of ESU is ~$60, second year ~$120, third year ~$240, total $420.
    0Patch Pro for 3 years ~$90 and supports patching Office including the EOL Office 2010 and many 3rd party apps.
    
    5 users thanked author for this post.
    
    Endora, M. Paquet, Nibbled To Death By Ducks, Cybertooth, Myst
    
    Reply | Quote
  - November 26, 2020 at 4:19 am #2315032
    
    anonymous
    Guest
    
    With no CVE, we would rather forego the ‘unofficial patch’ and wait it out for the ESU patch. snafu :)/
    
    1 user thanked author for this post.
    
    Nibbled To Death By Ducks
    
    Reply | Quote
  - November 26, 2020 at 10:02 am #2315071
    
    anonymous
    Guest
    
    This is very low impact as it requires local (physical) access to the computer.
    
    It reminds me of one of the Ten Immutable Laws Of Security:
    
    “If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.”
    
    5 users thanked author for this post.
    
    Myst, Moonbear, Nibbled To Death By Ducks, Microfix, Cybertooth
    
    Reply | Quote
  - November 26, 2020 at 6:09 pm #2315148
    
    Nibbled To Death By Ducks
    AskWoody Plus
    
    Thanks…I never knew that “Local” was synonymous with “physically present”. The Registry has always been in the same sketchy area as “Networking” on my mental PC/OS map; some tracings and pieces of knowledge, but not overall completely filled in. 🙂
    
    “Live and learn, or you don’t live long.” -R.A.H.
    
    Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
    --
    "A committee is the only known form of life that can have least four legs and no brain."
    
    -Robert Heinlein
    
    Reply | Quote
    - November 26, 2020 at 7:55 pm #2315153
      
      Moonbear
      AskWoody Lounger
      
      The need for physical access could also be the reason their hasn’t been a CVE issued yet
      
      Reply | Quote
  - November 29, 2020 at 7:22 am #2315652
    
    anonymous
    Guest
    
    Could you not simply change the ACL on those two registry keys to mitigate this?
    
    Reply | Quote
  - December 7, 2020 at 7:27 am #2317788
    
    anonymous
    Guest
    
    Why is AskWoody not updated with the warnings and the watch out for’s as it once had been.
    
    Reply | Quote
- Author
  
  Posts
Viewing 8 reply threads

Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

Reply To: Zero day for Windows 7
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Cancel

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.