Windows gdi32.dll security vulnerability fixed by third party 0patch

2 minute read

Home » News » Windows gdi32.dll security vulnerability fixed by third party 0patch

Recently, there’s hardly surprise in hearing that a company is having security trouble. One of the latest victims is Microsoft itself, with recent vulnerabilities discovered in multiple Microsoft services including Windows along with Internet Explorer and Microsoft Edge browsers.

Microsoft is in Project Zero’s crosshairs

Microsoft’s issues have been picked up by Project Zero, a group of Google employees that seek to find critical security issues within software and inform its developers about it. If developers do not take action in a given amount of time, Project Zero proceeds to make the information public, exposing the developers and protecting the users.

Before Microsoft could come up with a solution (which it seems to have been trying to, given the recent delay of the latest Patch Tuesday security releases), another organization took action and provided a solution for the problem.

The salvation comes from a fresh “fixer” in the software industry known as 0patch. They have created a fix with the same name that targets zero-day threats including the gdi32.dl file which has been causing Microsoft headaches. 0patch’s move is fortuitous as there wasn’t any sign from Microsoft that it would be releasing any security updates until March.

So, who is responsible for the solution?

The developer behind 0patch, ACROS, is aiming to create a solution that will remain relevant for all threats as it will provide new and universal approaches to combating threats— they don’t want to provide just a temporary solution that works against a specific threat. Here is what ACROS stated:

“Microsoft will likely fix this issue with their next Patch Tuesday (March 14), so ours is the only patch available in the World until then. We’ll also try to micropatch the other 0-day revealed by Google.

While 3rd-party patches are highly valuable for such zero-days, we still expect most 3rd-party patches to cover the “security update gap” where an official fix is already available but is being tested,  leaving users exposed to “already patched vulnerabilities.”

It remains to be seen…

Will this approach be greeted by the Windows user community? After all, placing their security in the hands of a third-party developer would be an important and even critical decision for Windows users.

RELATED STORIES TO CHECK OUT:

Discussions

Next up

Xbox update error code 0x8b05000f [EXPERT GUIDE]

Mihai Duna avatar. By: Mihai Duna
2 minute read

Many Xbox One users experienced an issue with the system update, such as error code 0x8b05000f. While trying to perform a mandatory system update, sometimes […]

Continue Reading

Printer is in use by another computer error [ULTIMATE GUIDE]

Mihai Duna avatar. By: Mihai Duna
2 minute read

An annoying issue prevents printers from printing files on the Windows 10 operating system. When attempting to initiate the printing process, the error message Another […]

Continue Reading

Your browser does not support HTML5 video [EXPERT FIX]

Mihai Duna avatar. By: Mihai Duna
2 minute read

Many Windows 10 users reported encountering an issue while trying to play HTML5 videos in their browser. The error message Your browser does not currently recognize […]

Continue Reading