Bleeping computer reports that O-patch is releasing a fix for a zero day in Windows 7 and server 2008 R2. I haven’t yet seen an out of band patch rele
[See the full post at: Zero day for Windows 7]
Susan Bradley Patch Lady/Prudent patcher
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Zero day for Windows 7
- This topic has 12 replies, 5 voices, and was last updated 4 years, 5 months ago by
.
AuthorViewing 7 reply threadsAuthor-
If a local non-admin account is being used, all registry changes require running regedit as Admin. Does this zero day also bypass the UAC as well?
1 user thanked author for this post.
-
As I’m reading this, it won’t show or pop UAC. “If a normal user is able to modify an existing service then he/she can execute arbitrary code in the context of LOCAL/NETWORK SERVICE or even LOCAL SYSTEM.
Susan Bradley Patch Lady/Prudent patcher
-
-
-
Yes, they actually stated this last year. Approx $60 for year one, $120ish for year two and so on.
Susan Bradley Patch Lady/Prudent patcher
1 user thanked author for this post.
-
Yup, now that I search my memory, you’re right. This year has gone by like lightning for me.
Question:
I know it’s “just” a vuln, and there’s nothing in the wild yet, but Sergiu’s knowledge of it seems to be more than enough to go to MITRE Corp. or the CNA and get a CVE assigned to it. I’ve read the paper on how CVE’s get assigned, and it seems all the criteria are met:
https://cve.mitre.org/CVEIDsAndHowToGetThem.pdf
Has the holiday thrown a wrench into that process? Would it even help get Redmond off their duff on this one? Is it necessary or prudent to get a CVE on it ASAP? Seems so to me, but I don’t have the knowledge base for how all the gears and cogs work on this sort of thing as a practical matter. The .PDF seems straightforward in theory, but then there’s the real world…
Just curious.
Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty1 user thanked author for this post.
-
-
-
“…expected to be twice the price?” Ow.
According to Microsoft first year of ESU is ~$60, second year ~$120, third year ~$240, total $420.
0Patch Pro for 3 years ~$90 and supports patching Office including the EOL Office 2010 and many 3rd party apps.5 users thanked author for this post.
-
With no CVE, we would rather forego the ‘unofficial patch’ and wait it out for the ESU patch. snafu :)/
1 user thanked author for this post.
-
This is very low impact as it requires local (physical) access to the computer.
It reminds me of one of the Ten Immutable Laws Of Security:
“If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.”
5 users thanked author for this post.
-
Thanks…I never knew that “Local” was synonymous with “physically present”. The Registry has always been in the same sketchy area as “Networking” on my mental PC/OS map; some tracings and pieces of knowledge, but not overall completely filled in.
“Live and learn, or you don’t live long.” -R.A.H.
Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty -
-
-
Viewing 7 reply threads - This topic has 12 replies, 5 voices, and was last updated 4 years, 5 months ago by
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
*Some settings are managed by your organization
by 44 minutes ago
-
Formatting of “Forward”ed e-mails
by 2 hours, 58 minutes ago
-
SmartSwitch PC Updates will only be supported through the MS Store Going Forward
by 3 hours, 22 minutes ago
-
CISA warns of hackers targeting critical oil infrastructure
by 12 hours, 23 minutes ago
-
AI slop
by 11 hours, 33 minutes ago
-
Chrome : Using AI with Enhanced Protection mode
by 13 hours, 39 minutes ago
-
Two blank icons
by 20 hours, 9 minutes ago
-
Documents, Pictures, Desktop on OneDrive in Windows 11
by 22 hours, 33 minutes ago
-
End of 10
by 1 day, 1 hour ago
-
End Of 10 : Move to Linux
by 1 day, 1 hour ago
-
Single account cannot access printer’s automatic duplex functionality
by 22 hours, 12 minutes ago
-
test post
by 1 day, 7 hours ago
-
Privacy and the Real ID
by 21 hours, 22 minutes ago
-
MS-DEFCON 2: Deferring that upgrade
by 13 hours, 28 minutes ago
-
Cant log on to oldergeeks.Com
by 1 day, 11 hours ago
-
Upgrading from Win 10
by 12 hours, 58 minutes ago
-
USB webcam / microphone missing after KB5050009 update
by 2 hours, 52 minutes ago
-
TeleMessage, a modified Signal clone used by US government has been hacked
by 2 days, 3 hours ago
-
The story of Windows Longhorn
by 1 day, 15 hours ago
-
Red x next to folder on OneDrive iPadOS
by 2 days, 5 hours ago
-
Are manuals extinct?
by 16 hours, 42 minutes ago
-
Canonical ditching Sudo for Rust Sudo -rs starting with Ubuntu
by 2 days, 14 hours ago
-
Network Issue
by 2 days, 1 hour ago
-
Fedora Linux is now an official WSL distro
by 3 days, 2 hours ago
-
May 2025 Office non-Security updates
by 3 days, 2 hours ago
-
Windows 10 filehistory including onedrive folder
by 3 days, 4 hours ago
-
pages print on restart (Win 11 23H2)
by 2 days, 5 hours ago
-
Windows 11 Insider Preview build 26200.5581 released to DEV
by 3 days, 6 hours ago
-
Windows 11 Insider Preview build 26120.3950 (24H2) released to BETA
by 3 days, 6 hours ago
-
Proton to drop prices after ruling against “Apple tax”
by 3 days, 14 hours ago
Remembering Woody
