0patch beats Microsoft to the punch and fixes serious EventLogCrasher vulnerability that affects every version of Windows

0patch

Just over a week ago, details emerged of a worrying 0day vulnerability affecting everything from Windows 7 to Windows 11, and Windows Server 2008 R2 to Windows Server 2022. The EventLogCrasher vulnerability allows a low-privileged attacker to disable Windows logging on all computers in a Windows domain and any local computer, thereby compromising intrusion detection and forensic capabilities.

Microsoft is yet to issue a fix for the problem, and this is concerning given not only the scale of the issue, but also the importance of the logging tool. As it has done before, micropatching firm 0patch has risen to the challenge and released a free patch which can be installed by everyone.

See also:

Announcing the availability of the fix, 0patch explains the backstory: "On January 23, 2024, security researcher Florian published details on a vulnerability that allows any authenticated user in a Windows environment (including in Windows domain) to crash Windows Event Log service either locally or on any remote computer".

Having informed Microsoft and being told that the bug was not deemed serious enough, Florian was free to publish a PoC and posted it to X:

Others expressed surprise that Microsoft did not think such a problem warranted fixing:

But 0patch did think it was worth patching, believing users deserve secure software. The company investigated the issue -- which you can read about in detail here -- and produced a fix.

The patch is actually very simple -- just two instructions -- but Microsoft cannot (yet, at least) be bothered to make its own. Until the Windows-maker changes its mind, the fix from 0patch is available free of charge. You'll just need create a free account in 0patch Central, then install and register 0patch Agent from 0patch.com

More details are available here.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.