[{"data":1,"prerenderedAt":1042},["ShallowReactive",2],{"I-maWsoucveWH7VpbVdiZ9YJQaZbJd1SsPfUgTAv7BA":3,"i-custom:keyboard-arrow-down":704,"i-custom:check":708,"i-custom:north-east":710,"4Xiq58721m3SDgpFY_V_-xyi3CIpuMcRAeiohNFMIuk":712},{"_site":4,"allMenuCtas":33,"allMenuItems":43,"allFooterMenuItems":207,"allFooterLinks":259,"allProductCategories":263,"allPlans":277,"allPatchCategories":288,"allCountries":622,"allPartnerCategories":664,"topBar":674,"allSocialLinks":695},{"globalSeo":5,"favicon":8,"faviconMetaTags":10,"locales":31},{"siteName":6,"titleSuffix":7},"0patch"," | 0patch",{"url":9},"https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg",[11,19,23,27],{"tag":12,"attributes":13,"content":18},"link",{"sizes":14,"type":15,"rel":16,"href":17},"16x16","image/svg","icon","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=16&w=16",null,{"tag":12,"attributes":20,"content":18},{"sizes":21,"type":15,"rel":16,"href":22},"32x32","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=32&w=32",{"tag":12,"attributes":24,"content":18},{"sizes":25,"type":15,"rel":16,"href":26},"96x96","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=96&w=96",{"tag":12,"attributes":28,"content":18},{"sizes":29,"type":15,"rel":16,"href":30},"192x192","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=192&w=192",[32],"en",[34],{"id":35,"title":36,"reference":37,"externalLink":40,"variant":41,"publishTranslation":42},"7540649","Buy now",{"_modelApiKey":38,"slug":39},"page","pricing","","primary-green",true,[44,52,59,66,86,92,99,103,109,117,123,130,135,149,155,169,175],{"id":45,"children":46,"externalLink":40,"parent":47,"reference":49,"title":51,"description":40,"publishTranslation":42},"HC0Jv04qRuKuZzHWgfUcNw",[],{"id":48},"IL3SSc5ySpu4strWvTvZ_A",{"_modelApiKey":38,"slug":50},"in-the-media","In the media",{"id":53,"children":54,"externalLink":55,"parent":56,"reference":18,"title":58,"description":40,"publishTranslation":42},"Lf_fG7sJTeyY-YwXgCZM6A",[],"https://dist.0patch.com/download/latestagent",{"id":57},"InIESymQQManhdOiSJWRAA","Download 0patch Agent",{"id":60,"children":61,"externalLink":62,"parent":63,"reference":18,"title":65,"description":40,"publishTranslation":42},"H1wOcewmTj2BFNcm_3S4Pg",[],"https://support.0patch.com/hc/en-us/sections/22259984868242",{"id":64},"SWaM0xVVRG-TtXEDSCe6CA","User Manual",{"id":48,"children":67,"externalLink":40,"parent":83,"reference":18,"title":85,"description":40,"publishTranslation":42},[68,72],{"id":45,"title":51,"description":40,"parent":69,"reference":70,"externalLink":40,"publishTranslation":42,"children":71},{"id":48},{"_modelApiKey":38,"slug":50},[],{"id":73,"title":74,"description":74,"parent":75,"reference":76,"externalLink":40,"publishTranslation":42,"children":82},"GYvRoN-xQrK53JU9hoMC9g","From our blog",{"id":48},{"_modelApiKey":77,"slug":78,"title":79,"createdAt":80,"published":81},"article","micropatches-released-for-windows-storage-elevation-of-privilege-vulnerability-cv","Micropatches released for Windows Storage Elevation of Privilege Vulnerability (CVE-2026-21508)","2026-04-04T11:50:51+02:00","2026-03-31T00:00:00+02:00",[],{"id":84},"136494748","Featured",{"id":87,"children":88,"externalLink":40,"parent":18,"reference":89,"title":91,"description":40,"publishTranslation":42},"7537370",[],{"_modelApiKey":38,"slug":90},"windows10","Windows 10",{"id":93,"children":94,"externalLink":95,"parent":96,"reference":18,"title":97,"description":98,"publishTranslation":42},"KNhSd6vgR2mx15df8jrG1g",[],"https://support.0patch.com/hc/en-us",{"id":57},"Help Center","All sections",{"id":73,"children":100,"externalLink":40,"parent":101,"reference":102,"title":74,"description":74,"publishTranslation":42},[],{"id":48},{"_modelApiKey":77,"slug":78,"createdAt":80,"title":79,"published":81},{"id":104,"children":105,"externalLink":106,"parent":107,"reference":18,"title":108,"description":40,"publishTranslation":42},"YlQq8EI3S3Cjo6bX8KwScg",[],"https://www.0patch.com/files/0patch_End_User_License_Agreement.pdf",{"id":64},"License agreement",{"id":110,"children":111,"externalLink":40,"parent":112,"reference":113,"title":115,"description":116,"publishTranslation":42},"7537375",[],{"id":57},{"_modelApiKey":38,"slug":114},"contact","Contact us","Form demo",{"id":118,"children":119,"externalLink":40,"parent":18,"reference":120,"title":122,"description":40,"publishTranslation":42},"LT3XEcT4ToWK-CGDxHIvxA",[],{"_modelApiKey":38,"slug":121},"patches","Patches",{"id":124,"children":125,"externalLink":40,"parent":126,"reference":127,"title":129,"description":40,"publishTranslation":42},"C_hUUxSzRlWzUZJZiQKLWg",[],{"id":64},{"_modelApiKey":38,"slug":128},"privacy","Privacy policy",{"id":131,"children":132,"externalLink":40,"parent":18,"reference":133,"title":134,"description":40,"publishTranslation":42},"M7H9KVRYQbWzdi5przLT7w",[],{"_modelApiKey":38,"slug":39},"Pricing",{"id":57,"children":136,"externalLink":40,"parent":147,"reference":18,"title":148,"description":40,"publishTranslation":42},[137,140,143],{"id":53,"title":58,"description":40,"parent":138,"reference":18,"externalLink":55,"publishTranslation":42,"children":139},{"id":57},[],{"id":93,"title":97,"description":98,"parent":141,"reference":18,"externalLink":95,"publishTranslation":42,"children":142},{"id":57},[],{"id":110,"title":115,"description":116,"parent":144,"reference":145,"externalLink":40,"publishTranslation":42,"children":146},{"id":57},{"_modelApiKey":38,"slug":114},[],{"id":84},"Support",{"id":150,"children":151,"externalLink":40,"parent":18,"reference":152,"title":154,"description":40,"publishTranslation":42},"7540650",[],{"_modelApiKey":38,"slug":153},"blog","Blog",{"id":64,"children":156,"externalLink":40,"parent":167,"reference":18,"title":168,"description":40,"publishTranslation":42},[157,160,163],{"id":60,"title":65,"description":40,"parent":158,"reference":18,"externalLink":62,"publishTranslation":42,"children":159},{"id":64},[],{"id":104,"title":108,"description":40,"parent":161,"reference":18,"externalLink":106,"publishTranslation":42,"children":162},{"id":64},[],{"id":124,"title":129,"description":40,"parent":164,"reference":165,"externalLink":40,"publishTranslation":42,"children":166},{"id":64},{"_modelApiKey":38,"slug":128},[],{"id":84},"Documents",{"id":170,"children":171,"externalLink":40,"parent":18,"reference":172,"title":174,"description":40,"publishTranslation":42},"SH5u-VrlQeKwYFXpbtstHw",[],{"_modelApiKey":38,"slug":173},"partners","Partners",{"id":84,"children":176,"externalLink":40,"parent":18,"reference":18,"title":206,"description":40,"publishTranslation":42},[177,186,196],{"id":48,"title":85,"description":40,"parent":178,"reference":18,"externalLink":40,"publishTranslation":42,"children":179},{"id":84},[180,183],{"id":45,"title":51,"description":40,"parent":181,"reference":182,"externalLink":40,"publishTranslation":42},{"id":48},{"_modelApiKey":38,"slug":50},{"id":73,"title":74,"description":74,"parent":184,"reference":185,"externalLink":40,"publishTranslation":42},{"id":48},{"_modelApiKey":77,"slug":78,"createdAt":80,"title":79,"published":81},{"id":57,"title":148,"description":40,"parent":187,"reference":18,"externalLink":40,"publishTranslation":42,"children":188},{"id":84},[189,191,193],{"id":53,"title":58,"description":40,"parent":190,"reference":18,"externalLink":55,"publishTranslation":42},{"id":57},{"id":93,"title":97,"description":98,"parent":192,"reference":18,"externalLink":95,"publishTranslation":42},{"id":57},{"id":110,"title":115,"description":116,"parent":194,"reference":195,"externalLink":40,"publishTranslation":42},{"id":57},{"_modelApiKey":38,"slug":114},{"id":64,"title":168,"description":40,"parent":197,"reference":18,"externalLink":40,"publishTranslation":42,"children":198},{"id":84},[199,201,203],{"id":60,"title":65,"description":40,"parent":200,"reference":18,"externalLink":62,"publishTranslation":42},{"id":64},{"id":104,"title":108,"description":40,"parent":202,"reference":18,"externalLink":106,"publishTranslation":42},{"id":64},{"id":124,"title":129,"description":40,"parent":204,"reference":205,"externalLink":40,"publishTranslation":42},{"id":64},{"_modelApiKey":38,"slug":128},"Resources",[208,214,218,222,226,231,235,239,244,249,254],{"id":209,"column":210,"children":211,"externalLink":40,"parent":18,"reference":212,"title":122,"description":40,"publishTranslation":42},"Z7v-uM0cTOOBdk-s10IiJA",1,[],{"__typename":213,"_modelApiKey":38,"slug":121},"PageRecord",{"id":215,"column":210,"children":216,"externalLink":40,"parent":18,"reference":217,"title":134,"description":40,"publishTranslation":42},"Yr6Go03oTdSCq8pxdWdUsg",[],{"__typename":213,"_modelApiKey":38,"slug":39},{"id":219,"column":210,"children":220,"externalLink":40,"parent":18,"reference":221,"title":174,"description":40,"publishTranslation":42},"Ds1JBCIHQQKM3pJdA6ywFA",[],{"__typename":213,"_modelApiKey":38,"slug":173},{"id":223,"column":210,"children":224,"externalLink":40,"parent":18,"reference":225,"title":115,"description":40,"publishTranslation":42},"d9N0wsZhQsm7WLVqkmUWVQ",[],{"__typename":213,"_modelApiKey":38,"slug":114},{"id":227,"column":228,"children":229,"externalLink":40,"parent":18,"reference":230,"title":154,"description":40,"publishTranslation":42},"O9Oqpya5TZafs7o4l_8Nvg",2,[],{"__typename":213,"_modelApiKey":38,"slug":153},{"id":232,"column":228,"children":233,"externalLink":40,"parent":18,"reference":234,"title":51,"description":40,"publishTranslation":42},"QbA-8ChQT-eVxrfVlZzKaA",[],{"__typename":213,"_modelApiKey":38,"slug":50},{"id":236,"column":228,"children":237,"externalLink":95,"parent":18,"reference":18,"title":238,"description":40,"publishTranslation":42},"GcPu0RJNQu2cmfpL_Us1Lg",[],"Help center ",{"id":240,"column":228,"children":241,"externalLink":242,"parent":18,"reference":18,"title":243,"description":40,"publishTranslation":42},"NwREnz0XTvOJ93OHko_7xw",[],"https://status.0patch.com/","Status page",{"id":245,"column":228,"children":246,"externalLink":40,"parent":18,"reference":247,"title":248,"description":40,"publishTranslation":42},"UPh4X1tXRt24AhzNHaztFg",[],{"__typename":213,"_modelApiKey":38,"slug":114},"Write to support",{"id":250,"column":228,"children":251,"externalLink":252,"parent":18,"reference":18,"title":253,"description":40,"publishTranslation":42},"bUWsPw9eRvG4Ycl7j0yONg",[],"mailto:security@0patch.com","Report a security issue",{"id":255,"column":228,"children":256,"externalLink":257,"parent":18,"reference":18,"title":258,"description":40,"publishTranslation":42},"eB66OgJwSXSF0UWkhz1snQ",[],"https://www.0patch.com/files/0patch.asc","PGP KEY",[260],{"externalLink":40,"reference":261,"title":262,"publishTranslation":42},{"_modelApiKey":38,"slug":128},"Privacy",[264,269,273],{"__typename":265,"id":266,"name":267,"slug":268},"ProductCategoryRecord","Am0QLeVvQCuP42oCnhKABQ","Office","office",{"__typename":265,"id":270,"name":271,"slug":272},"VFAYSlgkRneu1oHcTKcpwQ","Server","server",{"__typename":265,"id":274,"name":275,"slug":276},"UNiVGxy_QViVXTpaSLXZlQ","Windows","windows",[278,282,285],{"__typename":279,"id":280,"title":281},"PlanRecord","T-QQY6XRSjeGbmXIK5kNCw","Free",{"__typename":279,"id":283,"title":284},"TOtXWfDyTjyO3H3OW_HRtQ","Professional",{"__typename":279,"id":286,"title":287},"KJjNQcHiRVa_mZqx_GtIrg","Enterprise",[289,423,520,561,605],{"__typename":290,"_allReferencingPatchesMeta":291,"_allReferencingPatches":293,"_modelApiKey":418,"name":419,"id":420,"slug":421,"icon":18,"supportDate":422},"PatchCategoryRecord",{"count":292},19,[294,302,310,317,325,333,340,346,352,358,364,370,376,382,388,394,400,406,412],{"id":295,"title":296,"description":297,"plans":298},"CHBzDqmWSkiUggiwCycMKQ","0day patches","\u003Cp>Patches for vulnerabilities the original vendor has not yet patched - both for legacy products and products that are still under official vendor support\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?type=0day\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our 0day patches\u003C/a>\u003C/strong>\u003C/p>",[299,300,301],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":303,"title":304,"description":305,"plans":306},"W1zipVenRuaCpMLlbChNkg","Free patches","\u003Cp>Patches for \"0day\" vulnerabilities are generally free until the vendor has provided an official fix\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?plan=free\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our free patches\u003C/a>\u003C/strong>\u003C/p>",[307,308,309],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":311,"title":312,"description":313,"plans":314},"JMf6o8nLRh2YNbSjeoWSbg","All patches","\u003Cp>All our patches we have ever issued, or will ever issue, including 0day and legacy patches\u003C/p>",[315,316],{"id":283,"title":284},{"id":286,"title":287},{"id":318,"title":319,"description":320,"plans":321},"N2SosqbOST-U5Q3FTqKT-g","Multi factor authentication (MFA)","\u003Cp>Require one-time code from an authenticator app when accessing 0patch Central\u003C/p>",[322,323,324],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":326,"title":327,"description":328,"plans":329},"Aurt0TQWT3qrx--H6Bvtnw","0patch console - local management","\u003Cp>0patch Agent is managed locally using 0patch Console application\u003C/p>",[330,331,332],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":334,"title":335,"description":336,"plans":337},"dvNfP_7ZQ6uyUtJO3ADbJQ","Standard email support","\u003Cp>Email support with 24-hour response time\u003C/p>",[338,339],{"id":283,"title":284},{"id":286,"title":287},{"id":341,"title":342,"description":343,"plans":344},"DRZtt1FJQ2OW742_5ZdcOQ","Central management","\u003Cp>Centrally manage and monitor all your 0patch Agents from web-based 0patch Central\u003C/p>",[345],{"id":286,"title":287},{"id":347,"title":348,"description":349,"plans":350},"C7j04lkDSSmPT2ikq9grug","IP address allow-listing","\u003Cp>Restricting access to 0patch Central so only users connecting from approved IP addresses can use it\u003C/p>",[351],{"id":286,"title":287},{"id":353,"title":354,"description":355,"plans":356},"aLo8Rj7YQsufFNozN8C6lw","Unattended agent installation","\u003Cp>Deploy 0patch Agent remotely without user interaction\u003C/p>",[357],{"id":286,"title":287},{"id":359,"title":360,"description":361,"plans":362},"dJECbsVMSGm7_ObPWiWSDQ","Agent auto-registration","\u003Cp>0patch Agent can automatically register itself to your 0patch account\u003C/p>",[363],{"id":286,"title":287},{"id":365,"title":366,"description":367,"plans":368},"WHM0-Mj0Sr2WZ1LwhTI9Dw","Silent run","\u003Cp>0patch Agent operates entirely in the background without showing notifications or prompts to the user\u003C/p>",[369],{"id":286,"title":287},{"id":371,"title":372,"description":373,"plans":374},"Zjk5YWqcS2al2C2OTEH82w","Patching policies","\u003Cp>Select which patches are enabled for which groups of computers, and whether newly issued patches are initially enabled or disabled\u003C/p>",[375],{"id":286,"title":287},{"id":377,"title":378,"description":379,"plans":380},"DXTTXN2ITtmy-Bclo1_iKQ","Computer groups","\u003Cp>Organize your computers in groups to simplify management and apply different policies to different sets of computers\u003C/p>",[381],{"id":286,"title":287},{"id":383,"title":384,"description":385,"plans":386},"Vna1HyM9Q4-kwJshD0-4Ag","Multi user support","\u003Cp>Add any number of users to 0patch Central\u003C/p>",[387],{"id":286,"title":287},{"id":389,"title":390,"description":391,"plans":392},"MZheRUWKRHuS_M3sPAvxWw","User roles","\u003Cp>Assign different roles to 0patch Central users to limit their access\u003C/p>",[393],{"id":286,"title":287},{"id":395,"title":396,"description":397,"plans":398},"em07-dXcQ2Of2IhpZzUeDQ","Mandatory MFA","\u003Cp>Administrator can make multi factor authentication mandatory for all 0patch Central users\u003C/p>",[399],{"id":286,"title":287},{"id":401,"title":402,"description":403,"plans":404},"DJ9WqVROQWiRnUxDr8ckeQ","SAML single sign-on","\u003Cp>Login to 0patch Central through your identity provider using the SAML protocol\u003C/p>",[405],{"id":286,"title":287},{"id":407,"title":408,"description":409,"plans":410},"c73GoxWmTXS5muxHXFl3HA","SCIM provisioning","\u003Cp>Manage 0patch Central users with your identity provider using SCIM protocol\u003C/p>",[411],{"id":286,"title":287},{"id":413,"title":414,"description":415,"plans":416},"QM6mK9qtTBe5OtMWfVnvvg","Professional services","\u003Cp>Custom patches and additional professional services are available to large customers\u003C/p>",[417],{"id":286,"title":287},"patch_category","Features","T2nlr7wWS3eNfLE8hfA1ew","features","2025-12-05",{"__typename":290,"_allReferencingPatchesMeta":424,"_allReferencingPatches":426,"_modelApiKey":418,"name":504,"id":505,"slug":506,"icon":507,"supportDate":519},{"count":425},11,[427,434,441,448,455,462,469,476,483,490,497],{"id":428,"title":429,"description":430,"plans":431},"Wn-S2pccQbKHM4Qi_CFf0Q","Windows 11 22H2 patches","\u003Cp>Windows 11 22H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+11\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 11 patches\u003C/a>\u003C/strong>\u003C/p>",[432,433],{"id":283,"title":284},{"id":286,"title":287},{"id":435,"title":436,"description":437,"plans":438},"KLIOm9vRTpWNef0hEYPZRw","Windows 11 21H2 patches","\u003Cp>Windows 11 21H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+11\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 11 patches\u003C/a>\u003C/strong>\u003C/p>",[439,440],{"id":283,"title":284},{"id":286,"title":287},{"id":442,"title":443,"description":444,"plans":445},"Z-_sUVTSRcyneegSkg6tEg","Windows 10 22H2 post-EOS patches","\u003Cp>Windows 10 22H2 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[446,447],{"id":283,"title":284},{"id":286,"title":287},{"id":449,"title":450,"description":451,"plans":452},"OG3314TtS_mGEWsQ7I7rVg","Windows 10 21H2 patches","\u003Cp>Windows 10 21H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[453,454],{"id":283,"title":284},{"id":286,"title":287},{"id":456,"title":457,"description":458,"plans":459},"d-2ES_YuR7C4QuSmcXgi0Q","Windows 10 21H1 patches","\u003Cp>Windows 10 21H1 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[460,461],{"id":283,"title":284},{"id":286,"title":287},{"id":463,"title":464,"description":465,"plans":466},"R-A6Aep1TCCVLYwFbfK3Sw","Windows 10 20H2 patches","\u003Cp>Windows 10 20H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[467,468],{"id":283,"title":284},{"id":286,"title":287},{"id":470,"title":471,"description":472,"plans":473},"Dg4FaK9fS8KTa1o3Qhor6w","Windows 10 2004 patches","\u003Cp>Windows 10 2004 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[474,475],{"id":286,"title":287},{"id":283,"title":284},{"id":477,"title":478,"description":479,"plans":480},"MJlLPyxqTcy9ys2UaZYNKQ","Windows 10 v1909 patches","\u003Cp>Windows 10 1909 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[481,482],{"id":283,"title":284},{"id":286,"title":287},{"id":484,"title":485,"description":486,"plans":487},"GscjCa1TQOe5p5Or7g2qyw","Windows 10 v1809 patches","\u003Cp>Windows 10 1809 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[488,489],{"id":283,"title":284},{"id":286,"title":287},{"id":491,"title":492,"description":493,"plans":494},"OeQ8xMmJTmadIiPcKYkhvw","Windows 10 v1803 patches","\u003Cp>Windows 10 1803 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[495,496],{"id":283,"title":284},{"id":286,"title":287},{"id":498,"title":499,"description":500,"plans":501},"Obe8z8snRYGoLT6BZyzhZw","Windows 7 post-EOS and post-ESU patches","\u003Cp>Windows 7 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>",[502,503],{"id":283,"title":284},{"id":286,"title":287},"Windows Patches","DXze3dvpTu-HF132vKjSug","microsoft-windows-xp",{"alt":508,"url":509,"width":510,"height":510,"responsiveImage":511},"Windows 11 logo","https://www.datocms-assets.com/166020/1764600963-win11.png",300,{"srcSet":512,"webpSrcSet":513,"sizes":514,"src":515,"width":516,"height":516,"aspectRatio":210,"alt":508,"title":18,"bgColor":517,"base64":518},"https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&fit=crop&h=40 40w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&h=40 60w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&h=40 80w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&h=40 120w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&h=40 160w","https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&h=40 40w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&fm=webp&h=40 60w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&fm=webp&h=40 80w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&fm=webp&h=40 120w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&fm=webp&h=40 160w","(max-width: 40px) 100vw, 40px","https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&fit=crop&h=40",40,"#0278cf","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAMAAADXqc3KAAAA51BMVEUAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtG9HcQcAAAATXRSTlMAAQIDBAUGBwkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY4OTo7PD0+P0BBQkNERUZHSEpLTE1OTwjw0A0AAAEqSURBVHjapZHbbsMgDIZNcMwhm7ZW097/+XrTToNwSGKPkraqtN3NCAn/H8LmN4L2LxbyOcMer0cHJcYF9UhEwHQH10yWBdAa7y0MJW5dN9NkQQsgTuS9UUMNoQM/eQcaGiBjRlJMpgNljWlPrSugiABc9yOkpSKYeBhYlZR2MSUjUtJc8EKlWpXP8379QpAhxVCRc56tSvdu4VSt5NhqtHPOTxXgonpBhF+xN/IHgP8AlO1ZYu5AO08ynx/ym+UUm7sf1MF4uumfhwZCKHgg70YZuXx1cDi+W3ZEBR0Zi7wZs4/JOmdEbaxRuC3hXrA7ezW/BaZNwco57SYuuWQlpdaK37SuxPH75m4IxJBjLBjrxpVjuHWbYptHnts8Kg+at1Lv/6hVt12XH8K5sGlN/hfaAAAAAElFTkSuQmCC","2025-06-25",{"__typename":290,"_allReferencingPatchesMeta":521,"_allReferencingPatches":523,"_modelApiKey":418,"name":545,"id":546,"slug":547,"icon":548,"supportDate":519},{"count":522},3,[524,531,538],{"id":525,"title":526,"description":527,"plans":528},"DMZZcGMvQfaRElACxvHXyA","Windows Server 2012 R2 post-EOS patches","\u003Cp>Windows Server 2012 R2 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+Server+2012+R2\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows Server 2012 R2 patches\u003C/a>\u003C/strong>\u003C/p>",[529,530],{"id":283,"title":284},{"id":286,"title":287},{"id":532,"title":533,"description":534,"plans":535},"ZaeezXKkT3KGln5CQ4NH9w","Windows Server 2012 post-EOS patches","\u003Cp>Windows Server 2012 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+Server+2012\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows Server 2012 patches\u003C/a>\u003C/strong>\u003C/p>",[536,537],{"id":283,"title":284},{"id":286,"title":287},{"id":539,"title":540,"description":541,"plans":542},"RYxw9xwXR3-OWnsdr8dFEg","Windows Server 2008 R2 post-EOS and post-ESU patches","\u003Cp>Windows Server 2008 R2 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+Server+2008+R2\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows Server 2008 R2 patches\u003C/a>\u003C/strong>\u003C/p>",[543,544],{"id":283,"title":284},{"id":286,"title":287},"Windows Server Patches","J7WLPCrKS7i7B8sAyJpKWg","microsoft-windows-vista",{"alt":549,"url":550,"width":551,"height":510,"responsiveImage":552},"Windows Server 2012-2022 logo","https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png",296,{"srcSet":553,"webpSrcSet":554,"sizes":555,"src":556,"width":557,"height":516,"aspectRatio":558,"alt":549,"title":18,"bgColor":559,"base64":560},"https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&fit=crop&h=40 39w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&h=40 58w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&h=40 78w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&h=40 117w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&h=40 156w","https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&h=40 39w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&fm=webp&h=40 58w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&fm=webp&h=40 78w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&fm=webp&h=40 117w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&fm=webp&h=40 156w","(max-width: 39px) 100vw, 39px","https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&fit=crop&h=40",39,0.975,"#0b1f8e","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAYCAMAAAAmopZHAAABRFBMVEUAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIis0k1eAAAAbHRSTlMAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSkxNTk9QUVRVVldYWVpbXF1fYWJjZGVmZ2lqa2xtbnBzdHY8yRY6AAABF0lEQVR42o2STU/EIBCGmWEodGm77sWj//+PeVAvRrNAYYY63cREs42R45PJ+xXIHD/6L0eU7Y7DZR4tl5QqGQQ0XXbql4fLHCyv11zpCRCMMIux43w5R4+yTqXSGQA24cadwuidG5C7iCG58dZaZ0ODs13vi+q8AxjltQr6VPKsOjkpf73Z9t23fn5+xICcs3L+mTOlkwcu9b5XKiCHfdXugNs4qE5WvoBFs+dRGmKMA7aSSqNHRAudWxXjwjTt92vSvguSxW0fAtw4ncYB+pprow6b0YkACIfRhxNBt+gqvVnnSKv1ze5DVIOdpQo9q7ezuoUhPy3LNFjhovoag787v8TzHEhqLvw7//VqAvXKB33L3//hC+5Cl3o2W4MJAAAAAElFTkSuQmCC",{"__typename":290,"_allReferencingPatchesMeta":562,"_allReferencingPatches":564,"_modelApiKey":418,"name":593,"id":594,"slug":595,"icon":596,"supportDate":519},{"count":563},4,[565,572,579,586],{"id":566,"title":567,"description":568,"plans":569},"axmNaLDGSs2BLTpJNU-fuQ","Microsoft Office 2019 post-EOS patches","\u003Cp>Microsoft Office 2019 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2019\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2019 patches\u003C/a>\u003C/strong>\u003C/p>",[570,571],{"id":283,"title":284},{"id":286,"title":287},{"id":573,"title":574,"description":575,"plans":576},"MkFk40IJQhCcXnIO2ZDd4Q","Microsoft Office 2016 post-EOS patches","\u003Cp>Microsoft Office 2016 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2016\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2016 patches\u003C/a>\u003C/strong>\u003C/p>",[577,578],{"id":283,"title":284},{"id":286,"title":287},{"id":580,"title":581,"description":582,"plans":583},"FFqWfGxfQF2q0uyjyRjVWg","Microsoft Office 2013 post-EOS patches","\u003Cp>Microsoft Office 2013 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2013\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2013 patches\u003C/a>\u003C/strong>\u003C/p>",[584,585],{"id":283,"title":284},{"id":286,"title":287},{"id":587,"title":588,"description":589,"plans":590},"XFYgrsOyRpeuEXk29M4z9g","Microsoft Office 2010 post-EOS patches","\u003Cp>Microsoft Office 2010 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2010\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2010 patches\u003C/a>\u003C/strong>\u003C/p>",[591,592],{"id":283,"title":284},{"id":286,"title":287},"Microsoft Office Patches","VH2unwR4RjycDA1o_6eSFw","microsoft-windows-7",{"alt":597,"url":598,"width":510,"height":510,"responsiveImage":599},"Microsoft Office logo","https://www.datocms-assets.com/166020/1764600963-office2013_2019.png",{"srcSet":600,"webpSrcSet":601,"sizes":514,"src":602,"width":516,"height":516,"aspectRatio":210,"alt":597,"title":18,"bgColor":603,"base64":604},"https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&fit=crop&h=40 40w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&h=40 60w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&h=40 80w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&h=40 120w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&h=40 160w","https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&h=40 40w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&fm=webp&h=40 60w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&fm=webp&h=40 80w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&fm=webp&h=40 120w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&fm=webp&h=40 160w","https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&fit=crop&h=40","#eb3c00","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAMAAADXqc3KAAABSlBMVEXqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPAAMDLSTAAAAbnRSTlMAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAiIyQlJicoKSorLS4vMTIzNDU2Nzk6Ozw9P0BBQkNERkpMTU5PUFFSVVZXWVpbXF1eX2BhYmNkZmdoaWpsbW5vcHFzdXZ4fH5/gIKDhBdTJiUAAAERSURBVHjabdE5doQwDAZgSV6AwMsU06TN/e+TM6SfyeBNUsALTeKGhz7wL8sWzoU21yd8fN6Xn++vAGDruzcdyFhjrBuAK0mo4Kz3PL89OrxvyA0s+Un9Cg38bZPUtrLOmXleUSvctrk4W1obZHVZtscJ0zo5Ral1FsAjfG7gDCo3iLmIknU1w4BybtnwyqmAaAsXzhhfDZ4hMjJrhVwy7B1iiIWycIPktO90flWIz8ATctY8QERQtQEUVh6ARIjQT86Mow7OGDqsg+IQcs4CjT8KXzB7Rwraujo6Qe3g7TEF4dTHHmGEGwKVFF4ddkhXu8yxjqFd7T7qzDmG9LzgWqWkuO//QS4xhf0viDJzvctfA1KXpEpvxgMAAAAASUVORK5CYII=",{"__typename":290,"_allReferencingPatchesMeta":606,"_allReferencingPatches":607,"_modelApiKey":418,"name":614,"id":615,"slug":616,"icon":617,"supportDate":519},{"count":210},[608],{"id":609,"title":610,"description":611,"plans":612},"OuJP-mYgRRi-wc8RTcRbUg","Other products patches","\u003Cp>We occasionally patch other Windows products, for instance when a critical vulnerability becomes known and the vendor does not provide an official patch in a timely manner\u003C/p>",[613],{"id":283,"title":284},"Other","BrWA-hAsQYSROgTvF-1ecA","microsoft-windows-11",{"alt":618,"url":619,"width":620,"height":621,"responsiveImage":18},"Windows 7","https://www.datocms-assets.com/166020/1754390080-layer1.svg",44,38,[623,628,632,636,640,644,648,652,656,660],{"__typename":624,"id":625,"name":626,"slug":627},"CountryRecord","WYcngTKjTLSCPKXF1CGc3Q","Germany","germany",{"__typename":624,"id":629,"name":630,"slug":631},"W7K_V8xIQ4esd1pdctvLRg","Switzerland","switzerland",{"__typename":624,"id":633,"name":634,"slug":635},"YCAHqeAMSp2PAVyP3KGV4w","International","international",{"__typename":624,"id":637,"name":638,"slug":639},"IKNwlfjMQXOfKhtUID30BQ","Singapore","singapore",{"__typename":624,"id":641,"name":642,"slug":643},"UzXo_gH5Te-UnOfNwdsfWQ","Netherlands","netherlands",{"__typename":624,"id":645,"name":646,"slug":647},"JKw7Q4wpQ8eGJjvHXwfSAA","Spain","spain",{"__typename":624,"id":649,"name":650,"slug":651},"RZbGpAInTEivnMxZzdTzwg","Poland","poland",{"__typename":624,"id":653,"name":654,"slug":655},"NwnHmUQ6RIK_OV9865XH3Q","Australia","australia",{"__typename":624,"id":657,"name":658,"slug":659},"HfVwBnHDSfCassEtkYx9lQ","United Kingdom","united-kingdom",{"__typename":624,"id":661,"name":662,"slug":663},"UUYGwDAYR4qLZM5UmDcmVA","USA","usa",[665,670],{"__typename":666,"id":667,"name":668,"slug":669},"PartnerCategoryRecord","dQoYak16SOaHi1odGdVqmQ","MSPs & SOCs","msps-socs",{"__typename":666,"id":671,"name":672,"slug":673},"REE7lMU8RzC9jabDARcxYQ","Resellers & Distributors","resellers-distributors",{"id":675,"_modelApiKey":676,"__typename":677,"text":678,"link":679,"menuLinks":687},"WnQYb8xeS2irpBJ41pdDRA","top_bar","TopBarRecord","Micropatches released for Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089)",[680],{"externalLink":40,"id":681,"recordLink":682,"variant":12,"icon":685,"title":686},"K2tgUizORgyofhnuTJ36dA",{"__typename":683,"_modelApiKey":77,"slug":684},"ArticleRecord","micropatches-released-for-windows-netlogon-remote-code-execution-vulnerability-cv",false,"Learn more",[688,691],{"id":689,"primary":685,"externalLink":95,"parent":18,"reference":18,"title":690,"description":40,"publishTranslation":42},"B1pEweRaRD2YBkP6aH1CfA","Help center",{"id":692,"primary":42,"externalLink":693,"parent":18,"reference":18,"title":694,"description":40,"publishTranslation":42},"Mk0Yz-yqTk2akShgf7ARNg","https://central.0patch.com/","Sign in",[696,700],{"id":697,"title":698,"url":699},"NDrk5d4kQ96J2aCuTr-gvg","0patch on X","https://twitter.com/0patch",{"id":701,"title":702,"url":703},"GqN4lYxyTMyzcmRllVY4mg","Linked In","https://linkedin.com/company/0patch",{"left":705,"top":705,"width":706,"height":706,"rotate":705,"vFlip":685,"hFlip":685,"body":707},0,24,"\u003Cg fill=\"none\">\u003Cpath d=\"M11.9999 15.0539L6.34619 9.40013L7.39994 8.34637L11.9999 12.9464L16.5999 8.34637L17.6537 9.40013L11.9999 15.0539Z\" fill=\"currentColor\"/>\u003C/g>",{"left":705,"top":705,"width":706,"height":706,"rotate":705,"vFlip":685,"hFlip":685,"body":709},"\u003Cg fill=\"none\">\u003Cpath d=\"M9.5501 18.0001L3.8501 12.3001L5.2751 10.8751L9.5501 15.1501L18.7251 5.9751L20.1501 7.4001L9.5501 18.0001Z\" fill=\"currentColor\"/>\u003C/g>",{"left":705,"top":705,"width":706,"height":706,"rotate":705,"vFlip":685,"hFlip":685,"body":711},"\u003Cg fill=\"none\">\u003Cpath d=\"M5.55375 19.5001L4.5 18.4464L15.9462 7.00012H9V5.50012H18.5V15.0001H17V8.05387L5.55375 19.5001Z\" fill=\"currentColor\"/>\u003C/g>",{"article":713},{"_firstPublishedAt":714,"_publishedAt":715,"_updatedAt":716,"_seoMetaTags":717,"_allSlugLocales":784,"_allPublishTranslationLocales":787,"published":789,"__typename":683,"_modelApiKey":77,"author":790,"createdAt":791,"id":792,"excerpt":40,"body":793,"image":1033,"readTime":40,"title":725,"slug":786,"publishTranslation":42,"seoMetadata":18},"2025-08-21T14:27:24+02:00","2025-09-09T12:21:45+02:00","2025-09-09T12:21:44+02:00",[718,721,726,729,733,736,739,743,747,751,754,757,760,763,766,769,773,776,780],{"tag":719,"attributes":18,"content":720},"title","0patching the Quick Brown Fox of CVE-2017-0283 | 0patch",{"tag":722,"attributes":723,"content":18},"meta",{"property":724,"content":725},"og:title","0patching the Quick Brown Fox of CVE-2017-0283",{"tag":722,"attributes":727,"content":18},{"name":728,"content":725},"twitter:title",{"tag":722,"attributes":730,"content":18},{"name":731,"content":732},"description","This is a 0patch website.",{"tag":722,"attributes":734,"content":18},{"property":735,"content":732},"og:description",{"tag":722,"attributes":737,"content":18},{"name":738,"content":732},"twitter:description",{"tag":722,"attributes":740,"content":18},{"property":741,"content":742},"og:image","https://www.datocms-assets.com/166020/1755779236-loop.png?auto=format&fit=max&w=1200",{"tag":722,"attributes":744,"content":18},{"property":745,"content":746},"og:image:width","640",{"tag":722,"attributes":748,"content":18},{"property":749,"content":750},"og:image:height","247",{"tag":722,"attributes":752,"content":18},{"property":753,"content":725},"og:image:alt",{"tag":722,"attributes":755,"content":18},{"name":756,"content":742},"twitter:image",{"tag":722,"attributes":758,"content":18},{"name":759,"content":725},"twitter:image:alt",{"tag":722,"attributes":761,"content":18},{"property":762,"content":32},"og:locale",{"tag":722,"attributes":764,"content":18},{"property":765,"content":77},"og:type",{"tag":722,"attributes":767,"content":18},{"property":768,"content":6},"og:site_name",{"tag":722,"attributes":770,"content":18},{"property":771,"content":772},"article:modified_time","2025-09-09T10:21:44Z",{"tag":722,"attributes":774,"content":18},{"property":775,"content":40},"article:publisher",{"tag":722,"attributes":777,"content":18},{"name":778,"content":779},"twitter:card","summary",{"tag":722,"attributes":781,"content":18},{"name":782,"content":783},"robots","noindex",[785],{"value":786,"locale":32},"0patching-quick-brown-fox-of-cve-2017",[788],{"value":42,"locale":32},"2017-07-10T11:19:00+02:00","Luka Treiber","2025-08-21T14:27:23+02:00","KXwFcKXbSzaEugQfEfxO6g",{"blocks":794,"links":865,"value":866},[795,810,824,838,851],{"id":796,"_modelApiKey":797,"__typename":798,"image":799},"VZvPBJ3mR3an4L-Kl0XIvA","image","ImageRecord",{"alt":725,"url":800,"width":801,"height":802,"responsiveImage":803},"https://www.datocms-assets.com/166020/1755779236-loop.png",640,247,{"srcSet":804,"webpSrcSet":805,"sizes":806,"src":800,"width":801,"height":802,"aspectRatio":807,"alt":725,"title":725,"bgColor":808,"base64":809},"https://www.datocms-assets.com/166020/1755779236-loop.png?dpr=0.25 160w,https://www.datocms-assets.com/166020/1755779236-loop.png?dpr=0.5 320w,https://www.datocms-assets.com/166020/1755779236-loop.png?dpr=0.75 480w,https://www.datocms-assets.com/166020/1755779236-loop.png 640w","https://www.datocms-assets.com/166020/1755779236-loop.png?dpr=0.25&fm=webp 160w,https://www.datocms-assets.com/166020/1755779236-loop.png?dpr=0.5&fm=webp 320w,https://www.datocms-assets.com/166020/1755779236-loop.png?dpr=0.75&fm=webp 480w,https://www.datocms-assets.com/166020/1755779236-loop.png?fm=webp 640w","(max-width: 640px) 100vw, 640px",2.591093117408907,"#4eb84d","data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBwgHBgoICAgFCgoFBQwFBQUFBREJCgUMFxMZGBYTFhUaHysjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLBQUFEAUFEC8cFhwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIAAoAGAMBIgACEQEDEQH/xAAVAAEBAAAAAAAAAAAAAAAAAAAAB//EABQQAQAAAAAAAAAAAAAAAAAAAAD/xAAVAQEBAAAAAAAAAAAAAAAAAAACAP/EABQRAQAAAAAAAAAAAAAAAAAAAAD/2gAMAwEAAhEDEQA/ALAAIgCT/9k=",{"id":811,"_modelApiKey":797,"__typename":798,"image":812},"PX1mvBUjRjyBAAd7bAKNyQ",{"alt":813,"url":814,"width":815,"height":816,"responsiveImage":817},"ttogettableinfo_new","https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png",923,216,{"srcSet":818,"webpSrcSet":819,"sizes":820,"src":814,"width":815,"height":816,"aspectRatio":821,"alt":813,"title":813,"bgColor":822,"base64":823},"https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?dpr=0.25 230w,https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?dpr=0.5 461w,https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?dpr=0.75 692w,https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png 923w","https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?dpr=0.25&fm=webp 230w,https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?dpr=0.5&fm=webp 461w,https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?dpr=0.75&fm=webp 692w,https://www.datocms-assets.com/166020/1757413124-ttogettableinfo_new.png?fm=webp 923w","(max-width: 923px) 100vw, 923px",4.273148148148148,"#328ae6","data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBwgHBgoICAgVCgoLDhgKFRUNDh0NDREMFxUdGBYTFhUaJisjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLDg0OHQsNHDscFhwvLy8vLy87Oy8vLy8vLy8vLy8vLy87Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIAAYAGAMBIgACEQEDEQH/xAAWAAEBAQAAAAAAAAAAAAAAAAAABwL/xAAbEAACAgMBAAAAAAAAAAAAAAAAAwEzAhNDEv/EABYBAAMAAAAAAAAAAAAAAAAAAAACA//EABcRAAMBAAAAAAAAAAAAAAAAAAABEhH/2gAMAwEAAhEDEQA/AKpof6uNQh05WgCEoQzQ6OwADAhH/9k=",{"id":825,"_modelApiKey":797,"__typename":798,"image":826},"WRVN1wSfRgOqG1dGi2StCw",{"alt":827,"url":828,"width":829,"height":830,"responsiveImage":831},"cmp","https://www.datocms-assets.com/166020/1757413124-cmp.png",775,116,{"srcSet":832,"webpSrcSet":833,"sizes":834,"src":828,"width":829,"height":830,"aspectRatio":835,"alt":827,"title":827,"bgColor":836,"base64":837},"https://www.datocms-assets.com/166020/1757413124-cmp.png?dpr=0.25 193w,https://www.datocms-assets.com/166020/1757413124-cmp.png?dpr=0.5 387w,https://www.datocms-assets.com/166020/1757413124-cmp.png?dpr=0.75 581w,https://www.datocms-assets.com/166020/1757413124-cmp.png 775w","https://www.datocms-assets.com/166020/1757413124-cmp.png?dpr=0.25&fm=webp 193w,https://www.datocms-assets.com/166020/1757413124-cmp.png?dpr=0.5&fm=webp 387w,https://www.datocms-assets.com/166020/1757413124-cmp.png?dpr=0.75&fm=webp 581w,https://www.datocms-assets.com/166020/1757413124-cmp.png?fm=webp 775w","(max-width: 775px) 100vw, 775px",6.681034482758621,"#3585eb","data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBwgHBgoICAgFCgoFBQwFBQUFBREJCgUMFxMZGBYTFhUaHysjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLBQUFEAUFEC8cFhwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIAAQAGAMBIgACEQEDEQH/xAAVAAEBAAAAAAAAAAAAAAAAAAAAB//EABQQAQAAAAAAAAAAAAAAAAAAAAD/xAAVAQEBAAAAAAAAAAAAAAAAAAACAP/EABQRAQAAAAAAAAAAAAAAAAAAAAD/2gAMAwEAAhEDEQA/AKWAQgCT/9k=",{"id":839,"_modelApiKey":797,"__typename":798,"image":840},"J8S-lHaCRdebfY0EhuR5OA",{"alt":841,"url":842,"width":843,"height":844,"responsiveImage":845},"mergeligrecords_new","https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png",901,214,{"srcSet":846,"webpSrcSet":847,"sizes":848,"src":842,"width":843,"height":844,"aspectRatio":849,"alt":841,"title":841,"bgColor":822,"base64":850},"https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?dpr=0.25 225w,https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?dpr=0.5 450w,https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?dpr=0.75 675w,https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png 901w","https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?dpr=0.25&fm=webp 225w,https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?dpr=0.5&fm=webp 450w,https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?dpr=0.75&fm=webp 675w,https://www.datocms-assets.com/166020/1757413124-mergeligrecords_new.png?fm=webp 901w","(max-width: 901px) 100vw, 901px",4.210280373831775,"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBwgODQgHCAgICAYLBxgHDgYIDREKDgUMFxUZGBYTFiEaHysjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLDgwOHRANHDscFhwvLy8vLy87Oy8vLy8vLy8vLy8vLy87Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIAAYAGAMBIgACEQEDEQH/xAAWAAEBAQAAAAAAAAAAAAAAAAAAAQf/xAAXEAEAAwAAAAAAAAAAAAAAAAAAARFR/8QAFgEAAwAAAAAAAAAAAAAAAAAAAAID/8QAFxEBAQEBAAAAAAAAAAAAAAAAAAESAv/aAAwDAQACEQMRAD8A0u4xbjAIjeYXGIAGY//Z",{"id":852,"_modelApiKey":797,"__typename":798,"image":853},"Xb_RU4nDToW4IV5E5kMoow",{"alt":854,"url":855,"width":856,"height":857,"responsiveImage":858},"attrib_match","https://www.datocms-assets.com/166020/1757413124-attrib_match.png",1600,126,{"srcSet":859,"webpSrcSet":860,"sizes":861,"src":855,"width":856,"height":857,"aspectRatio":862,"alt":854,"title":854,"bgColor":863,"base64":864},"https://www.datocms-assets.com/166020/1757413124-attrib_match.png?dpr=0.25 400w,https://www.datocms-assets.com/166020/1757413124-attrib_match.png?dpr=0.5 800w,https://www.datocms-assets.com/166020/1757413124-attrib_match.png?dpr=0.75 1200w,https://www.datocms-assets.com/166020/1757413124-attrib_match.png 1600w","https://www.datocms-assets.com/166020/1757413124-attrib_match.png?dpr=0.25&fm=webp 400w,https://www.datocms-assets.com/166020/1757413124-attrib_match.png?dpr=0.5&fm=webp 800w,https://www.datocms-assets.com/166020/1757413124-attrib_match.png?dpr=0.75&fm=webp 1200w,https://www.datocms-assets.com/166020/1757413124-attrib_match.png?fm=webp 1600w","(max-width: 1600px) 100vw, 1600px",12.698412698412698,"#a00303","data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBw4GBg4GBhELBgYFDhYFBQYGFxEJDQUMFxUZGBYTFhUaHysjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLDgoOEBAQHDscFhwvLy8vLy87Oy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIAAIAGAMBIgACEQEDEQH/xAAWAAEBAQAAAAAAAAAAAAAAAAAAAQf/xAAUEAEAAAAAAAAAAAAAAAAAAAAA/8QAFgEBAQEAAAAAAAAAAAAAAAAAAgMA/8QAFBEBAAAAAAAAAAAAAAAAAAAAAP/aAAwDAQACEQMRAD8A0sAEFQGF/9k=",[],{"schema":867,"document":868},"dast",{"type":869,"children":870},"root",[871,910,942,956,958,962,963,966,967,970,971,981,982,1030],{"type":872,"children":873},"paragraph",[874,877,886,888,895,897,902,904,908],{"type":875,"value":876},"span","Among many other things, last Patch Tuesday brought a fix for an RCE vulnerability named \"Windows Uniscribe font processing heap-based memory corruption in USP10!MergeLigRecords\".  A couple of days later ",{"url":878,"meta":879,"type":12,"children":883},"https://twitter.com/j00ru",[880],{"id":881,"value":882},"target","_blank",[884],{"type":875,"value":885},"Mateusz Jurczyk",{"type":875,"value":887}," of Google Project Zero published a ",{"url":889,"meta":890,"type":12,"children":892},"https://bugs.chromium.org/p/project-zero/issues/detail?id=1198&can=1&q=uniscribe&sort=-id",[891],{"id":881,"value":882},[893],{"type":875,"value":894},"report",{"type":875,"value":896}," with ",{"url":898,"type":12,"children":899},"https://bugs.chromium.org/p/project-zero/issues/attachment?aid=275873",[900],{"type":875,"value":901},"PoC",{"type":875,"value":903}," attached. Out of the eight vulnerabilities reported at the same time in that Windows library I chose to patch this one for being the most severe.\n\n\n",{"type":875,"marks":905,"value":907},[906],"strong","Reproduction",{"type":875,"value":909},"\n\nOpening font files from the PoC.zip package in Windows Font Viewer displayed the \"quick brown fox text\" in weird constellations but without a crash. With no exact PoC instructions given this was the procedure that worked for me on Windows 7 x64:\n",{"type":911,"style":912,"children":913},"list","numbered",[914,924,930,936],{"type":915,"children":916},"listItem",[917],{"type":872,"children":918},[919,921],{"type":875,"value":920},"unpack the ",{"url":898,"type":12,"children":922},[923],{"type":875,"value":901},{"type":915,"children":925},[926],{"type":872,"children":927},[928],{"type":875,"value":929},"install signal_sigsegv_313372b5_210_42111ccffd2e10aba8b5e6ba45289ef3.ttf (or any other TTF from the package) on the system",{"type":915,"children":931},[932],{"type":872,"children":933},[934],{"type":875,"value":935},"run Notepad",{"type":915,"children":937},[938],{"type":872,"children":939},[940],{"type":875,"value":941},"select Format->Font...>[Font] 4000 Tall and [Script] Arabic",{"type":872,"children":943},[944,946,949,951,954],{"type":875,"value":945},"immediately a crash occurs at\n\n(1410.378): Unknown exception - code c000041d (!!! second chance !!!)\nmsvcrt!memcpy+0x1c0:\n000007fe`fd651444 8a040a          mov     al,byte ptr [rdx+rcx] ds:00000000`025230e8=??\n\nThe callstack: it matches the one from report\n\nmsvcrt!memcpy+0x1c0\nUSP10!MergeLigRecords+0x7f\nUSP10!LoadTTOArabicShapeTables+0x5f8\nUSP10!LoadArabicShapeTables+0x148\nUSP10!ArabicLoadTbl+0xf0\nUSP10!UpdateCache+0xf5\n\n\n",{"type":875,"marks":947,"value":948},[906],"Analysis of the PoC",{"type":875,"value":950},"\n\nIt is usually worth to take a look at PoC and try to understand its payload first before diving into debugging, and thus save a lot of time by knowing what data patterns to look for in the application's memory. So I searched the Internet for the original TTF file the PoC was derived from. I quickly found one and started diffing the two files in order to locate malformed font attributes. Comparison showed a common structure of the files. However, it became clear that an automatic fuzzer was used and too many attributes were polluted with suspicious values to sift through by hand. That task was definitely not a time-saver so I had to give it up.\n\n\n",{"type":875,"marks":952,"value":953},[906],"Analysis of the official patch",{"type":875,"value":955},"\n\nExtracting and analyzing the official patch is the next reasonable thing to do after a Patch Tuesday. So let's see how this goes.\n\nThe vulnerable version 1.626.7601.23688 of usp10.dll got replaced by the patched 1.626.7601.23807. The files are both of approximately the same size (788KB) and when compared using BinDiff a match of 733 functions is found. Among those are also the ones from the crash call stack above. It makes sense to check differences in those functions first as the patch is often a sanity check on input data inserted before a vulnerable call. The first one - USP10!MergeLigRecords from the immediate crash context - is identical but the next one - USP10!LoadTTOArabicShapeTables - shows some interesting changes in the function graph. Left is the old (vulnerable) and right is the new (patched) version of usp10.dll\n\n\n",{"item":796,"type":957},"block",{"type":872,"children":959},[960],{"type":875,"value":961},"\n\nWe can see that the vulnerable call MergeLigRecords is enclosed in a loop.\n\n",{"item":811,"type":957},{"type":872,"children":964},[965],{"type":875,"value":40},{"item":825,"type":957},{"type":872,"children":968},[969],{"type":875,"value":40},{"item":839,"type":957},{"type":872,"children":972},[973,975,979],{"type":875,"value":974},"\n\nWithin that loop the only significant change in the patched version is the gray cmp-jnz block that has been added to the patched DLL version. Could this be",{"type":875,"marks":976,"value":978},[977],"emphasis","the ",{"type":875,"value":980},"patch? With limited analysis done so far it is hard to say what the data in comparison (rsp+var_9C) means, but it is clear that by introduction of that block the criteria to reach the problematic call is more refined than in the old version. This is also a behavior I would expect of a patch.\n\nThe only way to make sure is to debug. So we start WinDbg and attach it to notepad.exe on a vulnerable system. We set three breakpoints. One at the vulnerable MergeLigRecords, one before the call to ttoGetTableInfo, and one after. The ttoGetTableInfo call is interesting because it takes two struct parameters - TTOOutput and TTOInput. The gray if block that follows right after, checks if one of the TTOOutput attributes (rsp+var_9C) is 4 and in case of a mismatch exits the loop. So what we're interested in is where/if rsp+var_9C changes inside ttoGetTableInfo and how it is related to the crash inside MergeLigRecords. Before we hit [F5] in WinDbg and click-through the PoC we also need to locate a match for the rsp+var_9C attribute from the patched version in the vulnerable code.\n\n",{"item":852,"type":957},{"type":872,"children":983},[984,986,989,991,993,995,997,999,1001,1002,1005,1007,1010,1012,1017,1019,1022,1024,1028],{"type":875,"value":985},"\n\n\nWe see that, conveniently, a reference to the same attribute can be found in the old LoadTTOArabicShapeTables named as rsp+var_A4 (it resolves to @rsp+34 in the snippets below).\n\nNow we can observe our checkpoints in WinDbg\n\n0:002> bu0 @!\"usp10\"+1e32f \"dw @rsp+34 L1\";\n0:002> bu1 @!\"usp10\"+1e334 \"dw @rsp+34 L1\";\n0:002> bu2 @!\"usp10\"+1e3f3;\n0:002> g\n\nIn the first two passes, the value of var_A4 is 0004 and does not change. Also the USP10!MergeLigRecords call executes without a crash.\n\nUSP10!LoadTTOArabicShapeTables+0x52f:\n000007fe`fd59e32f e8bcfd0000      call    USP10!ttoGetTableInfo (000007fe`fd5ae0f0)\n0:000> g\n00000000`001edd14  ",{"type":875,"marks":987,"value":988},[906],"0004",{"type":875,"value":990},"\nUSP10!LoadTTOArabicShapeTables+0x534:\n000007fe`fd59e334 85c0            test    eax,eax\n0:000> g\nBreakpoint 2 hit\nUSP10!LoadTTOArabicShapeTables+0x5f3:\n000007fe`fd59e3f3 e8b8010000      call    USP10!MergeLigRecords (000007fe`fd59e5b0)\n0:000> g\n00000000`001edd14  ",{"type":875,"marks":992,"value":988},[906],{"type":875,"value":994},"\nUSP10!LoadTTOArabicShapeTables+0x52f:\n000007fe`fd59e32f e8bcfd0000      call    USP10!ttoGetTableInfo (000007fe`fd5ae0f0)\n0:000> g\n00000000`001edd14  ",{"type":875,"marks":996,"value":988},[906],{"type":875,"value":998},"\nUSP10!LoadTTOArabicShapeTables+0x534:\n000007fe`fd59e334 85c0            test    eax,eax\n0:000> g\nBreakpoint 2 hit\nUSP10!LoadTTOArabicShapeTables+0x5f3:\n000007fe`fd59e3f3 e8b8010000      call    USP10!MergeLigRecords (000007fe`fd59e5b0)\n0:000> g\n\n\nIn the third pass, var_A4 gets changed by the ttoGetTableInfo call from 0004 to 0001 and MergeLigRecords crashes the app.\n\n00000000`001edd14  ",{"type":875,"marks":1000,"value":988},[906],{"type":875,"value":994},{"type":875,"marks":1003,"value":1004},[906],"0001",{"type":875,"value":1006},"\nUSP10!LoadTTOArabicShapeTables+0x534:\n000007fe`fd59e334 85c0            test    eax,eax\n0:000> g\n\nBreakpoint 2 hit\nUSP10!LoadTTOArabicShapeTables+0x5f3:\n000007fe`fd59e3f3 e8b8010000      call    USP10!MergeLigRecords (000007fe`fd59e5b0)\n0:000> p\n(14a8.189c): Access violation - code c0000005 (first chance)\nFirst chance exceptions are reported before any exception handling.\nThis exception may be expected and handled.\nmsvcrt!memcpy+0x1c0:\n000007fe`fd651444 8a040a          mov     al,byte ptr [rdx+rcx] ds:00000000`03bf5018=??\n\nAt this point we can conclude that the gray cmp-jnz block would've prevented the crash so we found a patch candidate and can make a 0patch of it.\n\n\n",{"type":875,"marks":1008,"value":1009},[906],"Patching",{"type":875,"value":1011},"\n\nSo far we've assembled all required pieces to build one - it's all in the gray block in above diff. And below is the resulting .0pp file I made.\n\nMODULE_PATH \"C:\\Windows\\System32\\usp10.dll\"\nPATCH_ID 273\nPATCH_FORMAT_VER 2\nVULN_ID 2536\nPLATFORM win64\n\npatchlet_start\nPATCHLET_ID 1\nPATCHLET_TYPE 2\nPATCHLET_OFFSET 0x0001e32f\nPIT USP10!0x2e0f0      ; import USP10!ttoGetTableInfo\nJUMPOVERBYTES 5\nN_ORIGINALBYTES 1\n\n code_start\n  call PIT_0x2e0f0     ; call USP10!ttoGetTableInfo\n  cmp word[rsp+34h], 4 ; var_A4\n  je skip              ; inverse condition from original patch\n  or eax, 01h          ; set piggyback condition\n  skip: \n code_end\npatchlet_end\nWhen turning the official patch into a 0patch I used a \"jump condition piggy-backing\" technique already described in a ",{"url":1013,"type":12,"children":1014},"https://blog.0patch.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html",[1015],{"type":875,"value":1016},"previous post",{"type":875,"value":1018}," (only this time It is the ",{"type":875,"marks":1020,"value":1021},[977],"quick brown fox",{"type":875,"value":1023}," I'm piggy-backing). Conveniently the official patch is right next to a jump (jnz) that exits the problematic loop so this is also the location for our 0patch. I placed it before the original jnz. Due to lack of space (jnz is only 2 bytes long while we always need 5 to jump to our patch code) I had to place it before the ttoGetTableInfo call that 0patch Agent will substitute with the 5 byte jump. The first instruction in the patch is therefore the substituted original call to ttoGetTableInfo. What follows it is the check from the official patch. First var_A4 is compared to 4 to check if the loop can continue, otherwise eax that holds the result of ttoGetTableInfo, is set to 1 so the test eax,eax instruction from original code that follows the patch will set a jump flag (zf=0) for the jnz that will exit the loop.\n\nAfter compiling this .0pp file with 0patch Builder, the patch gets applied and the PoC crashes no more. Our team tested it also against the other TTF files from the PoC.zip package and all of them seem to be disarmed. It is worth noting, however, that this patch only covers the execution route discovered in the Reproduction section above. In the diff of LoadTTOArabicShapeTablesthere there is one more cmp-jnz gray block added to the patched usp10.dll that exits a similar loop to the one covered above. But since there is no public PoC available that would trigger that branch of execution we won't include it in a 0patch. The only safe way for 0patch to work is to cover testable execution paths.\n\nNow, if you haven't so far, install ",{"url":55,"type":12,"children":1025},[1026],{"type":875,"value":1027},"0patch Agent",{"type":875,"value":1029},"  and check the PoC to test it for yourself. Next time you see a quick brown fox jumping, make sure that you have 0patch Agent enabled.\n\n ",{"type":872,"children":1031},[1032],{"type":875,"value":40},{"alt":725,"url":800,"width":801,"height":802,"responsiveImage":1034},{"srcSet":1035,"webpSrcSet":1036,"sizes":1037,"src":1038,"width":1039,"height":1040,"aspectRatio":1041,"alt":725,"title":725,"bgColor":808,"base64":809},"https://www.datocms-assets.com/166020/1755779236-loop.png?auto=compress&crop=focalpoint&dpr=0.25&fit=crop&w=1440 360w,https://www.datocms-assets.com/166020/1755779236-loop.png?auto=compress&crop=focalpoint&fit=crop&w=1440 1440w","https://www.datocms-assets.com/166020/1755779236-loop.png?auto=compress&crop=focalpoint&dpr=0.25&fit=crop&fm=webp&w=1440 360w,https://www.datocms-assets.com/166020/1755779236-loop.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&w=1440 1440w","(max-width: 1440px) 100vw, 1440px","https://www.datocms-assets.com/166020/1755779236-loop.png?auto=compress&crop=focalpoint&fit=crop&w=1440",1440,556,2.5899280575539567,1780067956577]