14 DAY TRIAL // A micropatch is available through the 0patch platform for the zero-day vulnerability in Microsoft's JET Database Engine unveiled by Trend Micro's Zero Day Initiative in an advisory published on September 20.
ACROS Security, the company behind the free 0patch micropatch distribution platform, released their microscopic 21 bytes patch for the vulnerable msrd3x40.dll binary the day after ZDI published their Proof Of Concept exploit.
As detailed in a post on 0patch's blog by Mitja Kolsek, ACROS Security CEO, a candidate micropatch was ready less than 7 hours after the initial PoC was published by ZDI.
Following a few small changes to match the affected Windows 10 binary, two micropatches (one for Windows 7 and one for Windows 10) containing the fix were issued 23 hours after ZDI's publication and distributed to all 0patch users within 60 minutes.
Kolsek says in his write-up that "one of our goals with 0patch is to make vulnerability patching so fast that attackers won't even manage to develop a reliable exploit for a public vulnerability, much less launch a campaign with it, before the vulnerability is already patched on most users' computers."
Binary micropatches issued through the 0patch platform are entirely free and can be applied to vulnerable systems without the need to restart the affected process or rebooting the machine they're running on.
Micropatches distributed via the 0patch platform keep vulnerable systems safe until an official patch is released
More importantly, once a binary is patched using a micropatch, all future exploits will be ineffective since the entire code that could be exploited is changed, and the vulnerability is removed.
As Kolsek said in an interview with Softpedia "an important advantage micropatching has over "secondary" protection mechanism like antivirus, IPS and virtual patching is that it actually removes the vulnerability - as a result, one can modify the exploit all they want (which could bypass the secondary protections), but there is no vulnerability there to exploit anymore."
Users can download and apply all available micropatches to vulnerable binaries on their machines after creating an account on 0patch.com, downloading the 0patch Agent on their computers and registering the agent to their device.
Micropatches developed by ACROS Security allow users with computers vulnerable to zero-days to patch their systems and secure them until Microsoft releases official patches for the issue.