Windows gdi32.dll security vulnerability fixed by third party 0patch

Costea Lestoc By: Costea Lestoc
2 minute read

Home » News » Windows gdi32.dll security vulnerability fixed by third party 0patch

Recently, there’s hardly surprise in hearing that a company is having security trouble. One of the latest victims is Microsoft itself, with recent vulnerabilities discovered in multiple Microsoft services including Windows along with Internet Explorer and Microsoft Edge browsers.

Microsoft is in Project Zero’s crosshairs

Microsoft’s issues have been picked up by Project Zero, a group of Google employees that seek to find critical security issues within software and inform its developers about it. If developers do not take action in a given amount of time, Project Zero proceeds to make the information public, exposing the developers and protecting the users.

Before Microsoft could come up with a solution (which it seems to have been trying to, given the recent delay of the latest Patch Tuesday security releases), another organization took action and provided a solution for the problem.

The salvation comes from a fresh “fixer” in the software industry known as 0patch. They have created a fix with the same name that targets zero-day threats including the gdi32.dl file which has been causing Microsoft headaches. 0patch’s move is fortuitous as there wasn’t any sign from Microsoft that it would be releasing any security updates until March.

So, who is responsible for the solution?

The developer behind 0patch, ACROS, is aiming to create a solution that will remain relevant for all threats as it will provide new and universal approaches to combating threats— they don’t want to provide just a temporary solution that works against a specific threat. Here is what ACROS stated:

“Microsoft will likely fix this issue with their next Patch Tuesday (March 14), so ours is the only patch available in the World until then. We’ll also try to micropatch the other 0-day revealed by Google.

While 3rd-party patches are highly valuable for such zero-days, we still expect most 3rd-party patches to cover the “security update gap” where an official fix is already available but is being tested,  leaving users exposed to “already patched vulnerabilities.”

It remains to be seen…

Will this approach be greeted by the Windows user community? After all, placing their security in the hands of a third-party developer would be an important and even critical decision for Windows users.

RELATED STORIES TO CHECK OUT:

Discussions

Next up

Windows was unable to install your Android [FIX IT NOW]

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
4 minute read

Installing Android drivers on a PC should be a walk in a park. You connect your handset with the PC via the USB cable and, […]

Continue Reading

5 ways to fix NOX emulator lag issues that really work

Daniel Segun By: Daniel Segun
6 minute read

Do you have NOX installed on your PC? Are you experiencing any form of lag while running it? This article is specially designed for you! […]

Continue Reading

What to do if ExpressVPN won’t connect after update

Daniel Segun By: Daniel Segun
6 minute read

Do you have ExpressVPN installed on your PC? Do you encounter connection problems after an update? This guide will help you out. Here, we’ll be […]

Continue Reading