Windows gdi32.dll security vulnerability fixed by third party 0patch

Costea Lestoc By: Costea Lestoc
2 minute read

Home » Windows gdi32.dll security vulnerability fixed by third party 0patch

Recently, there’s hardly surprise in hearing that a company is having security trouble. One of the latest victims is Microsoft itself, with recent vulnerabilities discovered in multiple Microsoft services including Windows along with Internet Explorer and Microsoft Edge browsers.

Microsoft is in Project Zero’s crosshairs

Microsoft’s issues have been picked up by Project Zero, a group of Google employees that seek to find critical security issues within software and inform its developers about it. If developers do not take action in a given amount of time, Project Zero proceeds to make the information public, exposing the developers and protecting the users.

Before Microsoft could come up with a solution (which it seems to have been trying to, given the recent delay of the latest Patch Tuesday security releases), another organization took action and provided a solution for the problem.

The salvation comes from a fresh “fixer” in the software industry known as 0patch. They have created a fix with the same name that targets zero-day threats including the gdi32.dl file which has been causing Microsoft headaches. 0patch’s move is fortuitous as there wasn’t any sign from Microsoft that it would be releasing any security updates until March.

So, who is responsible for the solution?

The developer behind 0patch, ACROS, is aiming to create a solution that will remain relevant for all threats as it will provide new and universal approaches to combating threats— they don’t want to provide just a temporary solution that works against a specific threat. Here is what ACROS stated:

“Microsoft will likely fix this issue with their next Patch Tuesday (March 14), so ours is the only patch available in the World until then. We’ll also try to micropatch the other 0-day revealed by Google.

While 3rd-party patches are highly valuable for such zero-days, we still expect most 3rd-party patches to cover the “security update gap” where an official fix is already available but is being tested,  leaving users exposed to “already patched vulnerabilities.”

It remains to be seen…

Will this approach be greeted by the Windows user community? After all, placing their security in the hands of a third-party developer would be an important and even critical decision for Windows users.



Next up

Create amazing YouTube video tutorials with these 5 software

Vladimir Popescu avatar. By: Vladimir Popescu
Less than a 1 minute read

In the last five years or so, the amount of video content uploaded to various social media networks has increased drastically. Everybody can launch their […]

Continue Reading

What to do if VPN freezes on verifying username and password

Sovan Mandal avatar. By: Sovan Mandal
2 minute read

There is often this rather frustrating error you might be faced with when trying to log in to a Virtual Private Network – that of […]

Continue Reading

5 best hockey video-analysis software to use on Windows 10

Vladimir Popescu avatar. By: Vladimir Popescu
Less than a 1 minute read

Hockey is a really interesting and demanding game. This term may refer to two different games: field hockey or ice hockey. The game has constantly evolved, […]

Continue Reading