0patch beats Microsoft to the punch and fixes serious EventLogCrasher vulnerability that affects every version of Windows
Just over a week ago, details emerged of a worrying 0day vulnerability affecting everything from Windows 7 to Windows 11, and Windows Server 2008 R2 to Windows Server 2022. The EventLogCrasher vulnerability allows a low-privileged attacker to disable Windows logging on all computers in a Windows domain and any local computer, thereby compromising intrusion detection and forensic capabilities.
Microsoft is yet to issue a fix for the problem, and this is concerning given not only the scale of the issue, but also the importance of the logging tool. As it has done before, micropatching firm 0patch has risen to the challenge and released a free patch which can be installed by everyone.
See also:
- First Windows 12 build spotted on new internal development branch at Microsoft
- Quelle surprise! Bug-fixing Windows 11 patch is causing a new batch of problems
- Microsoft's latest addition to the Windows 11 scrapheap is the WMI command line utility
Announcing the availability of the fix, 0patch explains the backstory: "On January 23, 2024, security researcher Florian published details on a vulnerability that allows any authenticated user in a Windows environment (including in Windows domain) to crash Windows Event Log service either locally or on any remote computer".
Having informed Microsoft and being told that the bug was not deemed serious enough, Florian was free to publish a PoC and posted it to X:
Others expressed surprise that Microsoft did not think such a problem warranted fixing:
But 0patch did think it was worth patching, believing users deserve secure software. The company investigated the issue -- which you can read about in detail here -- and produced a fix.
The patch is actually very simple -- just two instructions -- but Microsoft cannot (yet, at least) be bothered to make its own. Until the Windows-maker changes its mind, the fix from 0patch is available free of charge. You'll just need create a free account in 0patch Central, then install and register 0patch Agent from 0patch.com.
More details are available here.