0Patch fixes vulnerabilities (CVE-2022-26809 and CVE-2022-22019) in Windows

Windows[German]The ACROS Security team around founder Mitja Kolsek has released a micro patch to close the Remote Procedure Call Runtime Integer Overflows vulnerabilities CVE-2022-26809 and CVE-2022-22019). The patch is available for Windows 7 SP1, Windows Server 2008 R2, up to Windows 10 (v1803 to v2004). The micro-patch is available for all customers with the 0patch agent who own a Pro or Enterprise license of ACROS Security. Here is some information about it.

CVE-2022-26809 and CVE-2022-22019

The April 2022 Windows updates included a fix for a critical remotely exploitable vulnerability in Windows Remote Procedure Call Runtime (CVE-2022-26809). Mitja Kolsek then discovered that the fix addresses an integer overflow in RPC packets to the RPC server. With a very large number of RPC packets sent to the server, the buffer size on the server side can exceed 4 GB (max. representable with 32 bits). An overflow offers the risk that new RPC packets overwrite data and code, which could at least theoretically be used by an attacker to execute arbitrary code during the RPC call. Kolsek described the details in this blog post.

New micro patch for the vulnerabilities

After analyzing the vulnerabilities, the team at ACROS Security, which has been providing the 0Patch solution for years, developed micro-patches for Windows versions that are no longer officially supported and is now making them available to customers. Mitja Kolsek drew attention to this solution via Twitter.

ACROS Security 0patch micro patch#

More details may be found in this May 17, 2022 blog post from 0patch. The 0patch micropatches are available to all Pro and Enterprise license customers via the 0patch agent for the following Windows versions. 

  1. Windows 10 v1803 updated to May 2021
  2. Windows 10 v1809 updated to May 2021
  3. Windows 10 v1903 updated to December 2020
  4. Windows 10 v2004 updated to December 2021
  5. Windows 7 updated with ESU year 2, ESU year 1 or updated to January 2020
  6. Windows Server 2008 R2 updated with ESU year 2, ESU year 1 or updated to January 2020

Notes on how the 0patch agent, which loads micropatches into memory at an application's runtime, works can be found in blog posts (such as here).

Similar articles
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
0Patch provides support for Windows 10 version 1809 after EOL
Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)
0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service
0patch fixes LPE vulnerability (CVE-2021-24084) in Mobile Device Management Service
0patch fixes InstallerTakeOver LPE 0-day vulnerability in Windows
0patch fixes ms-officecmd RCE vulnerability in Windows
0patch fixes RemotePotato0 vulnerability in Windows
0patch fixes again vulnerability CVE-2021-34484 in Windows 10/Server 2019

This entry was posted in Security, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *