Articles about 0day

Security issues in Windows crop up with scary frequency, and most are fixed by Microsoft… eventually. But while the tech giant works out how to patch holes in its buggy operating system, there are -- thankfully -- others who are willing to do the fixing faster.

0patch is a familiar name. It is a firm that, on a subscription basis, provides support and security fixes for versions of Windows that Microsoft has abandoned. It also frequently releases free patches for security issues that Microsoft is yet to fix, and this has just happened again with a fix for a worrying SCF File NTLM hash disclosure 0day vulnerability.

Continue reading →

0patch has revealed a 0day vulnerability that affects all desktop versions of Windows as well as Windows Server. In all, a staggering 21 different editions of Windows have the security issue which is described as a URL File NTLM Hash Disclosure vulnerability.

The security patching firm has reported the issue to Microsoft but -- as has been the case in the past -- the Windows-maker has yet to produce a fix. Stepping up to fill the void, 0patch has released free micropatches for all affected versions of Windows.

Continue reading →

Zero-day vulnerabilities are frequently reported on, but remain a major challenge for organizations, especially when it comes to quantifying the real threat posed by an unpatched instance of a vulnerability.

In 2023 the number of disclosed zero-days, or emerging vulnerabilities (EVs), increased from the previous year, rising from 55 in 2022 to 69 in 2023. While this wasn’t as high as the record in 2021 (with 81 disclosures) the prevalence of zero-day vulnerabilities has been rapidly trending upwards over the last 5 years. To stay ahead of the potentially devastating impact of being breached via an emerging vulnerability, organizations must be aware of how to stay ahead of attackers.

Continue reading →

Just over a week ago, details emerged of a worrying 0day vulnerability affecting everything from Windows 7 to Windows 11, and Windows Server 2008 R2 to Windows Server 2022. The EventLogCrasher vulnerability allows a low-privileged attacker to disable Windows logging on all computers in a Windows domain and any local computer, thereby compromising intrusion detection and forensic capabilities.

Microsoft is yet to issue a fix for the problem, and this is concerning given not only the scale of the issue, but also the importance of the logging tool. As it has done before, micropatching firm 0patch has risen to the challenge and released a free patch which can be installed by everyone.

Continue reading →