The KB4532693 update for Windows 10, version 1909 and 1903, which contains the critical vulnerability fix CVE-2020-0674, prevents many users and organizations from installing it. However, a temporary third-party fix is available in the 0patch Agent.
Until Microsoft releases a permanent solution for the problematic update KB4532693 for Windows 10, versions 1909 and 1903, users and organizations that use these versions of Windows 10 are forced to postpone the application of the security fixes delivered with it.
However, to fix the remote code execution vulnerability in Internet Explorer 9/10/11, known as CVE-2020-0674, a temporary third-party patch is available in the 0patch Agent application for Windows.
The official patch is causing problems
There is information that this vulnerability was actually used in limited targeted attacks, which makes it more relevant for companies. Attackers can use CVE-2020-0674 to secretly execute arbitrary commands on an unmanaged system when a user visits a specially designed website.
The severity of the problem prompted Microsoft to provide an interim fix until the cumulative update KB4532693 appears. However, it was available with a note about possible system problems for functions using the jscript.dll file. The patch also failed to print on HP printers and other USB printers.
When update KB4532693 appeared on Tuesday of patches, which was supposed to solve the problem, it created even more problems. For example, it became known that update KB4532693 for Windows 10 hides user data and loads the wrong profile.
Before Microsoft managed to fix the security vulnerability, ACROS Security’s 0Patch platform offered users a solution in the form of a micropatch, a small code that fixes real-time security problems and takes effect without rebooting the machine.
However, the micropatch was not initially available for Windows 10, versions 1909 and 1903. On February 22, Twitter Mitja Kolsek, CEO of ACROS Security, said that the micropatch was also ported for these OS versions.
Initially, an intermediate solution was available for Windows 7, Windows 10 v1709 / v1803 / v1809, Windows Server 2008 R2, and Windows Server 2019.
A temporary fix is offered to users of the free version of 0patch Agent for Windows, which is allowed only for non-commercial use, as well as to paid customers, said Kolsek.
You must register an account to enter the application. After registration, data is synchronized between the local system and the server to determine the status of the system.
The program displays in the interface patches that are available for free or can be purchased separately. The free Internet Explorer 11 patch, which protects the system from attacks aimed at CVE-2020-0674, will be installed automatically.
Users who have installed the micropatch can use this test page to verify that it is applied correctly (requirement: Internet Explorer 11 on Windows 7, Server 2008 R2, or Windows 10 v1903 / v1909).