Temporary micropatch is available for 0-day IE vulnerability in Windows 10

Micropatch for 0-day IE vulnerability
Written by Emma Davis

While Microsoft is solving the KB4532693 update problem, enterprises using Windows 10 (versions 1903 and 1909) are forced to postpone the installation of a patch that fixes some vulnerabilities. However, for the 0-day IE vulnerability in Windows 10, on 0Patch is available a temporary micropatch.

In particular, KB4532693 fixed a 0-day vulnerability in Internet Explorer 9/10/11 (CVE-2020-0674), which allows remote code execution and is already used by attackers in real-world attacks.

Fortunately, users can install the interim fix for CVE-2020-0674, available on the 0Patch platform, before a patched version of the update is released. The patch is a micropatch — a one-byte code that fixes a problem in real time and does not require a computer restart.

The micropatch was not intended for 1903 and 1909, but due to a problematic update, KB4532693 was also ported to these versions.

In light of functional issues with latest Windows 10 v1903/v1909 cumulative update, and due to high risk of exploitation, we have ported our micropatch for CVE-2020-0674 to these Windows 10 versions to protect users who decided to delay application of this update”, — write 0Patch engineers.

It was originally created for Windows 7, Windows 10 1709/1803/1809, Windows Server 2008 R2 and Windows Server 2019. Now, users of 1903 and 1909 can also install it.

Microsoft has notified its users of the vulnerability CVE-2020-0674 last month. With its help, an attacker can execute arbitrary code on a damaged device.

Vulnerability can cause memory corruption, which allows an attacker to execute arbitrary code in the context of the current user. If the current user logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take control of the vulnerable system”, — reported in the Microsoft notification.

Prior to the release of the full patch, Microsoft released a temporary fix, which, however, caused printing problems with HP printers.

Update KB4532693 was supposed to fix all the issues, but caused additional problems. After installing it, users began to complain about deletion of their files.

As a result, users concluded that it is possible to solve this problem and return their profile by restarting Windows several times or by removing the problematic update.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending