Windows gdi32.dll security vulnerability fixed by third party 0patch

By: Costea Lestoc
2 minute read

Recently, there’s hardly surprise in hearing that a company is having security trouble. One of the latest victims is Microsoft itself, with recent vulnerabilities discovered in multiple Microsoft services including Windows along with Internet Explorer and Microsoft Edge browsers.

Microsoft is in Project Zero’s crosshairs

Microsoft’s issues have been picked up by Project Zero, a group of Google employees that seek to find critical security issues within software and inform its developers about it. If developers do not take action in a given amount of time, Project Zero proceeds to make the information public, exposing the developers and protecting the users.

Before Microsoft could come up with a solution (which it seems to have been trying to, given the recent delay of the latest Patch Tuesday security releases), another organization took action and provided a solution for the problem.

The salvation comes from a fresh “fixer” in the software industry known as 0patch. They have created a fix with the same name that targets zero-day threats including the gdi32.dl file which has been causing Microsoft headaches. 0patch’s move is fortuitous as there wasn’t any sign from Microsoft that it would be releasing any security updates until March.

So, who is responsible for the solution?

The developer behind 0patch, ACROS, is aiming to create a solution that will remain relevant for all threats as it will provide new and universal approaches to combating threats— they don’t want to provide just a temporary solution that works against a specific threat. Here is what ACROS stated:

“Microsoft will likely fix this issue with their next Patch Tuesday (March 14), so ours is the only patch available in the World until then. We’ll also try to micropatch the other 0-day revealed by Google.

While 3rd-party patches are highly valuable for such zero-days, we still expect most 3rd-party patches to cover the “security update gap” where an official fix is already available but is being tested,  leaving users exposed to “already patched vulnerabilities.”

It remains to be seen…

Will this approach be greeted by the Windows user community? After all, placing their security in the hands of a third-party developer would be an important and even critical decision for Windows users.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions