Hacker News: dielel

Our First Weeks of Securing Windows 7 and Windows Server 2008 R2

dielel — Sun, 23 Feb 2020 00:29:42 +0000

Article URL: https://blog.0patch.com/2020/02/our-first-weeks-of-securing-windows-7.html

Comments URL: https://news.ycombinator.com/item?id=22394298

Points: 1

# Comments: 0

New comment by dielel in "Microsoft Has Manually Patched Their Equation Editor Executable"

dielel — Fri, 17 Nov 2017 23:38:08 +0000

Thanks for sharing this. I suspected that "not being sure if you have the exactly right source code" could be a real world reason to patch a binary, and now I know.

Microsoft Has Manually Patched Their Equation Editor Executable

dielel — Fri, 17 Nov 2017 10:55:08 +0000

Article URL: https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html

Comments URL: https://news.ycombinator.com/item?id=15720923

Points: 553

# Comments: 159

0patching the “Immortal” CVE-2017-7269

dielel — Thu, 30 Mar 2017 15:34:02 +0000

Article URL: https://0patch.blogspot.si/2017/03/0patching-immortal-cve-2017-7269.html

Comments URL: https://news.ycombinator.com/item?id=13996248

Points: 1

# Comments: 0

0patching the “Immortal” CVE-2017-7269

dielel — Thu, 30 Mar 2017 13:15:45 +0000

Article URL: https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html

Comments URL: https://news.ycombinator.com/item?id=13995034

Points: 2

# Comments: 0

0patching Another 0-day: IE 11 Type Confusion by Google's Project Zero

dielel — Thu, 09 Mar 2017 23:18:20 +0000

Article URL: https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html

Comments URL: https://news.ycombinator.com/item?id=13834782

Points: 1

# Comments: 0

Another Windows 0day from Google's Project Zero Gets a Micropatch(CVE-2017-0037)

dielel — Thu, 09 Mar 2017 16:50:38 +0000

Article URL: https://0patch.blogspot.com/2017/03/0patching-another-0-day-internet.html

Comments URL: https://news.ycombinator.com/item?id=13830510

Points: 3

# Comments: 0

New comment by dielel in "0patching a 0-day: Windows gdi32.dll memory disclosure"

dielel — Fri, 03 Mar 2017 14:54:11 +0000

You're absolutely right - we have this information scattered around blog posts and other material but it should be laid out in one place and in not-too-techy language. Thanks for pointing it out.

New comment by dielel in "0patching a 0-day: Windows gdi32.dll memory disclosure"

dielel — Fri, 03 Mar 2017 14:45:41 +0000

Our micropatch (7 of them, really, for 4 different Windows OS versions) for CVE-2017-0038 is user-mode. As are currently all our micropatches. Processes using gdi32.dll do not need to be relaunched to have it applied.

New comment by dielel in "0patching a 0-day: Windows gdi32.dll memory disclosure"

dielel — Fri, 03 Mar 2017 14:27:16 +0000

ryanburk, thanks a lot for your comment. We at 0patch are big fans of MS Patch Tuesday from it's very beginning. It was a huge improvement for appsec for more than decade and it still is. But as active pentesters with more than 15 years of experiences we just noticed that our enterprise customers can not apply patches timely and usually their (also critical) systems remain unpatched for several months. It looks they cannot cope with the amount of update changes and testing so they rather decide not patch. That was even worse than not to have a patch from official vendor.

There is one important technical difference between small pre-PatchTuesday patches and micropatches: pre-PatchTuesday patches were installed binaries (actually complete new version of the product) that are here to stay forever – or at least until patch uninstall or product upgrade. Imagine how hard is patch uninstall on CEO's patch-corrupted system on a business travel, for instance. Micropatches only live in memory, they die with the process. They don’t change file system and installed product, just redirect maliciously used instruction (just instruction, not the whole function) to correct path, if possible. It’s just couple instructions any admin could review by himself and switch of, if there is a problem. I wish I could say that for today’s patching procedures. For us it is the idea worth trying. We just have to simplify updating process for users (and software vendors, too).

p.s.: we are aware Microsoft gave up the idea of hot patching some years ago, but as I know they were not changing just couple of instructions. Please correct me if I’m wrong.

New comment by dielel in "0patching a 0-day: Windows gdi32.dll memory disclosure"

dielel — Fri, 03 Mar 2017 13:58:27 +0000

Hi, Stanka from 0patch here. If you want to enable or disable (aka "patch" or "unpatch" the application) you don't need do restart the application. Not even if your app is running and you've just install 0patch agent. This is how it is designed to work in user space. When the official MS patch is installed (hopefully with the fix) this particular 0patch won't apply anymore.

As we try to make 0patch agent robust and reliable we don't support kernel mode at this moment - we will make this step slow and with great caution.

0patching a 0-day: Windows gdi32.dll memory disclosure

dielel — Thu, 02 Mar 2017 14:58:16 +0000

Article URL: https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html

Comments URL: https://news.ycombinator.com/item?id=13774397

Points: 108

# Comments: 43

One Step Closer to Crowdpatching and Patch Bounties

dielel — Mon, 13 Feb 2017 14:39:31 +0000

Article URL: https://0patch.blogspot.com/2017/02/one-step-closer-to-crowdpatching-and.html

Comments URL: https://news.ycombinator.com/item?id=13635502

Points: 1

# Comments: 0

One Step Closer to Crowdpatching and Patch Bounties

dielel — Fri, 10 Feb 2017 18:51:20 +0000

Article URL: https://0patch.blogspot.com/2017/02/one-step-closer-to-crowdpatching-and.html

Comments URL: https://news.ycombinator.com/item?id=13617839

Points: 2

# Comments: 0

Micropatching gstreamer bug CVE-2016-9445 with 0patch Agent on Linux

dielel — Mon, 06 Feb 2017 16:00:54 +0000

Article URL: https://0patch.blogspot.com/2017/02/0patch-agent-on-linux-micropatching-cve.html

Comments URL: https://news.ycombinator.com/item?id=13580636

Points: 1

# Comments: 0

The Birth of the World's First Self-Healing Micropatch

dielel — Mon, 05 Sep 2016 12:50:56 +0000

Article URL: https://0patch.blogspot.si/2016/09/the-birth-of-worlds-first-self-healing.html

Comments URL: https://news.ycombinator.com/item?id=12429912

Points: 1

# Comments: 0

The story about how we created 0patch for Foxit Reader CVE-2016-3740

dielel — Tue, 26 Jul 2016 13:34:57 +0000

Article URL: https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html

Comments URL: https://news.ycombinator.com/item?id=12165469

Points: 2

# Comments: 0

Just 11 bytes – a 3rd-party “micropatch” for a vulnerability in Acrobat Reader

dielel — Mon, 20 Jun 2016 10:14:21 +0000

Article URL: http://0patch.blogspot.com/2016/06/writing-0patch-for-acrobat-readers-use.html

Comments URL: https://news.ycombinator.com/item?id=11937114

Points: 1

# Comments: 0

Just 11 bytes – a 3rd-party “micropatch” for a vulnerability in Acrobat Reader

dielel — Mon, 20 Jun 2016 10:12:17 +0000

Article URL: http://0patch.blogspot.com/2016/06/writing-0patch-for-acrobat-readers-use.h

Comments URL: https://news.ycombinator.com/item?id=11937106

Points: 1

# Comments: 0

3rd-party “micropatch” for a vulnerability in Acrobat Reader

dielel — Fri, 17 Jun 2016 17:50:37 +0000

We have just published our own "micropatch" for a remotely exploitable memory corruption vulnerability in Adobe's Acrobat Reader DC, which was fixed by Adobe with their latest update.

Why did we do this? We want to fix the way vulnerabilities are getting fixed (the sheer amount of breaches tells us something is broken here), and we're going to do it with micropatching.

Vulnerability micropatching is a refreshing alternative to traditional security updates, which replace a large chunk of a software application or operating system, often require a restart and are tremendously difficult to revert in case of any problems. Our mighty little patching machine, 0patch (pronounced 'zero patch', https://0patch.com), allows for creation and deployment of tiny patches that can be applied directly and instantaneously to the memory of a running process, and can also be removed just as easily. No restarts either way.

For more information, please see our blog post "Writing a 0patch for Acrobat Reader's Use-After-Free Vulnerability CVE-2016-1077" (http://0patch.blogspot.com/2016/06/writing-0patch-for-acrobat-readers-use.h tml).

0patch team https://0patch.com @0patch

Comments URL: https://news.ycombinator.com/item?id=11924254

Points: 1

# Comments: 0