[{"data":1,"prerenderedAt":1424},["ShallowReactive",2],{"I-maWsoucveWH7VpbVdiZ9YJQaZbJd1SsPfUgTAv7BA":3,"i-custom:keyboard-arrow-down":704,"i-custom:check":708,"i-custom:north-east":710,"tJwCE7t-cWcjhRFb9tR1r4TcqXoZ1G_cKrIq7BjDs_Q":712},{"_site":4,"allMenuCtas":33,"allMenuItems":43,"allFooterMenuItems":207,"allFooterLinks":259,"allProductCategories":263,"allPlans":277,"allPatchCategories":288,"allCountries":622,"allPartnerCategories":664,"topBar":674,"allSocialLinks":695},{"globalSeo":5,"favicon":8,"faviconMetaTags":10,"locales":31},{"siteName":6,"titleSuffix":7},"0patch"," | 0patch",{"url":9},"https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg",[11,19,23,27],{"tag":12,"attributes":13,"content":18},"link",{"sizes":14,"type":15,"rel":16,"href":17},"16x16","image/svg","icon","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=16&w=16",null,{"tag":12,"attributes":20,"content":18},{"sizes":21,"type":15,"rel":16,"href":22},"32x32","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=32&w=32",{"tag":12,"attributes":24,"content":18},{"sizes":25,"type":15,"rel":16,"href":26},"96x96","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=96&w=96",{"tag":12,"attributes":28,"content":18},{"sizes":29,"type":15,"rel":16,"href":30},"192x192","https://www.datocms-assets.com/166020/1758709113-0patch_logo.svg?auto=format&h=192&w=192",[32],"en",[34],{"id":35,"title":36,"reference":37,"externalLink":40,"variant":41,"publishTranslation":42},"7540649","Buy now",{"_modelApiKey":38,"slug":39},"page","pricing","","primary-green",true,[44,52,59,66,86,92,99,103,109,117,123,130,135,149,155,169,175],{"id":45,"children":46,"externalLink":40,"parent":47,"reference":49,"title":51,"description":40,"publishTranslation":42},"HC0Jv04qRuKuZzHWgfUcNw",[],{"id":48},"IL3SSc5ySpu4strWvTvZ_A",{"_modelApiKey":38,"slug":50},"in-the-media","In the media",{"id":53,"children":54,"externalLink":55,"parent":56,"reference":18,"title":58,"description":40,"publishTranslation":42},"Lf_fG7sJTeyY-YwXgCZM6A",[],"https://dist.0patch.com/download/latestagent",{"id":57},"InIESymQQManhdOiSJWRAA","Download 0patch Agent",{"id":60,"children":61,"externalLink":62,"parent":63,"reference":18,"title":65,"description":40,"publishTranslation":42},"H1wOcewmTj2BFNcm_3S4Pg",[],"https://support.0patch.com/hc/en-us/sections/22259984868242",{"id":64},"SWaM0xVVRG-TtXEDSCe6CA","User Manual",{"id":48,"children":67,"externalLink":40,"parent":83,"reference":18,"title":85,"description":40,"publishTranslation":42},[68,72],{"id":45,"title":51,"description":40,"parent":69,"reference":70,"externalLink":40,"publishTranslation":42,"children":71},{"id":48},{"_modelApiKey":38,"slug":50},[],{"id":73,"title":74,"description":74,"parent":75,"reference":76,"externalLink":40,"publishTranslation":42,"children":82},"GYvRoN-xQrK53JU9hoMC9g","From our blog",{"id":48},{"_modelApiKey":77,"slug":78,"title":79,"createdAt":80,"published":81},"article","micropatches-released-for-windows-storage-elevation-of-privilege-vulnerability-cv","Micropatches released for Windows Storage Elevation of Privilege Vulnerability (CVE-2026-21508)","2026-04-04T11:50:51+02:00","2026-03-31T00:00:00+02:00",[],{"id":84},"136494748","Featured",{"id":87,"children":88,"externalLink":40,"parent":18,"reference":89,"title":91,"description":40,"publishTranslation":42},"7537370",[],{"_modelApiKey":38,"slug":90},"windows10","Windows 10",{"id":93,"children":94,"externalLink":95,"parent":96,"reference":18,"title":97,"description":98,"publishTranslation":42},"KNhSd6vgR2mx15df8jrG1g",[],"https://support.0patch.com/hc/en-us",{"id":57},"Help Center","All sections",{"id":73,"children":100,"externalLink":40,"parent":101,"reference":102,"title":74,"description":74,"publishTranslation":42},[],{"id":48},{"_modelApiKey":77,"slug":78,"createdAt":80,"title":79,"published":81},{"id":104,"children":105,"externalLink":106,"parent":107,"reference":18,"title":108,"description":40,"publishTranslation":42},"YlQq8EI3S3Cjo6bX8KwScg",[],"https://www.0patch.com/files/0patch_End_User_License_Agreement.pdf",{"id":64},"License agreement",{"id":110,"children":111,"externalLink":40,"parent":112,"reference":113,"title":115,"description":116,"publishTranslation":42},"7537375",[],{"id":57},{"_modelApiKey":38,"slug":114},"contact","Contact us","Form demo",{"id":118,"children":119,"externalLink":40,"parent":18,"reference":120,"title":122,"description":40,"publishTranslation":42},"LT3XEcT4ToWK-CGDxHIvxA",[],{"_modelApiKey":38,"slug":121},"patches","Patches",{"id":124,"children":125,"externalLink":40,"parent":126,"reference":127,"title":129,"description":40,"publishTranslation":42},"C_hUUxSzRlWzUZJZiQKLWg",[],{"id":64},{"_modelApiKey":38,"slug":128},"privacy","Privacy policy",{"id":131,"children":132,"externalLink":40,"parent":18,"reference":133,"title":134,"description":40,"publishTranslation":42},"M7H9KVRYQbWzdi5przLT7w",[],{"_modelApiKey":38,"slug":39},"Pricing",{"id":57,"children":136,"externalLink":40,"parent":147,"reference":18,"title":148,"description":40,"publishTranslation":42},[137,140,143],{"id":53,"title":58,"description":40,"parent":138,"reference":18,"externalLink":55,"publishTranslation":42,"children":139},{"id":57},[],{"id":93,"title":97,"description":98,"parent":141,"reference":18,"externalLink":95,"publishTranslation":42,"children":142},{"id":57},[],{"id":110,"title":115,"description":116,"parent":144,"reference":145,"externalLink":40,"publishTranslation":42,"children":146},{"id":57},{"_modelApiKey":38,"slug":114},[],{"id":84},"Support",{"id":150,"children":151,"externalLink":40,"parent":18,"reference":152,"title":154,"description":40,"publishTranslation":42},"7540650",[],{"_modelApiKey":38,"slug":153},"blog","Blog",{"id":64,"children":156,"externalLink":40,"parent":167,"reference":18,"title":168,"description":40,"publishTranslation":42},[157,160,163],{"id":60,"title":65,"description":40,"parent":158,"reference":18,"externalLink":62,"publishTranslation":42,"children":159},{"id":64},[],{"id":104,"title":108,"description":40,"parent":161,"reference":18,"externalLink":106,"publishTranslation":42,"children":162},{"id":64},[],{"id":124,"title":129,"description":40,"parent":164,"reference":165,"externalLink":40,"publishTranslation":42,"children":166},{"id":64},{"_modelApiKey":38,"slug":128},[],{"id":84},"Documents",{"id":170,"children":171,"externalLink":40,"parent":18,"reference":172,"title":174,"description":40,"publishTranslation":42},"SH5u-VrlQeKwYFXpbtstHw",[],{"_modelApiKey":38,"slug":173},"partners","Partners",{"id":84,"children":176,"externalLink":40,"parent":18,"reference":18,"title":206,"description":40,"publishTranslation":42},[177,186,196],{"id":48,"title":85,"description":40,"parent":178,"reference":18,"externalLink":40,"publishTranslation":42,"children":179},{"id":84},[180,183],{"id":45,"title":51,"description":40,"parent":181,"reference":182,"externalLink":40,"publishTranslation":42},{"id":48},{"_modelApiKey":38,"slug":50},{"id":73,"title":74,"description":74,"parent":184,"reference":185,"externalLink":40,"publishTranslation":42},{"id":48},{"_modelApiKey":77,"slug":78,"createdAt":80,"title":79,"published":81},{"id":57,"title":148,"description":40,"parent":187,"reference":18,"externalLink":40,"publishTranslation":42,"children":188},{"id":84},[189,191,193],{"id":53,"title":58,"description":40,"parent":190,"reference":18,"externalLink":55,"publishTranslation":42},{"id":57},{"id":93,"title":97,"description":98,"parent":192,"reference":18,"externalLink":95,"publishTranslation":42},{"id":57},{"id":110,"title":115,"description":116,"parent":194,"reference":195,"externalLink":40,"publishTranslation":42},{"id":57},{"_modelApiKey":38,"slug":114},{"id":64,"title":168,"description":40,"parent":197,"reference":18,"externalLink":40,"publishTranslation":42,"children":198},{"id":84},[199,201,203],{"id":60,"title":65,"description":40,"parent":200,"reference":18,"externalLink":62,"publishTranslation":42},{"id":64},{"id":104,"title":108,"description":40,"parent":202,"reference":18,"externalLink":106,"publishTranslation":42},{"id":64},{"id":124,"title":129,"description":40,"parent":204,"reference":205,"externalLink":40,"publishTranslation":42},{"id":64},{"_modelApiKey":38,"slug":128},"Resources",[208,214,218,222,226,231,235,239,244,249,254],{"id":209,"column":210,"children":211,"externalLink":40,"parent":18,"reference":212,"title":122,"description":40,"publishTranslation":42},"Z7v-uM0cTOOBdk-s10IiJA",1,[],{"__typename":213,"_modelApiKey":38,"slug":121},"PageRecord",{"id":215,"column":210,"children":216,"externalLink":40,"parent":18,"reference":217,"title":134,"description":40,"publishTranslation":42},"Yr6Go03oTdSCq8pxdWdUsg",[],{"__typename":213,"_modelApiKey":38,"slug":39},{"id":219,"column":210,"children":220,"externalLink":40,"parent":18,"reference":221,"title":174,"description":40,"publishTranslation":42},"Ds1JBCIHQQKM3pJdA6ywFA",[],{"__typename":213,"_modelApiKey":38,"slug":173},{"id":223,"column":210,"children":224,"externalLink":40,"parent":18,"reference":225,"title":115,"description":40,"publishTranslation":42},"d9N0wsZhQsm7WLVqkmUWVQ",[],{"__typename":213,"_modelApiKey":38,"slug":114},{"id":227,"column":228,"children":229,"externalLink":40,"parent":18,"reference":230,"title":154,"description":40,"publishTranslation":42},"O9Oqpya5TZafs7o4l_8Nvg",2,[],{"__typename":213,"_modelApiKey":38,"slug":153},{"id":232,"column":228,"children":233,"externalLink":40,"parent":18,"reference":234,"title":51,"description":40,"publishTranslation":42},"QbA-8ChQT-eVxrfVlZzKaA",[],{"__typename":213,"_modelApiKey":38,"slug":50},{"id":236,"column":228,"children":237,"externalLink":95,"parent":18,"reference":18,"title":238,"description":40,"publishTranslation":42},"GcPu0RJNQu2cmfpL_Us1Lg",[],"Help center ",{"id":240,"column":228,"children":241,"externalLink":242,"parent":18,"reference":18,"title":243,"description":40,"publishTranslation":42},"NwREnz0XTvOJ93OHko_7xw",[],"https://status.0patch.com/","Status page",{"id":245,"column":228,"children":246,"externalLink":40,"parent":18,"reference":247,"title":248,"description":40,"publishTranslation":42},"UPh4X1tXRt24AhzNHaztFg",[],{"__typename":213,"_modelApiKey":38,"slug":114},"Write to support",{"id":250,"column":228,"children":251,"externalLink":252,"parent":18,"reference":18,"title":253,"description":40,"publishTranslation":42},"bUWsPw9eRvG4Ycl7j0yONg",[],"mailto:security@0patch.com","Report a security issue",{"id":255,"column":228,"children":256,"externalLink":257,"parent":18,"reference":18,"title":258,"description":40,"publishTranslation":42},"eB66OgJwSXSF0UWkhz1snQ",[],"https://www.0patch.com/files/0patch.asc","PGP KEY",[260],{"externalLink":40,"reference":261,"title":262,"publishTranslation":42},{"_modelApiKey":38,"slug":128},"Privacy",[264,269,273],{"__typename":265,"id":266,"name":267,"slug":268},"ProductCategoryRecord","Am0QLeVvQCuP42oCnhKABQ","Office","office",{"__typename":265,"id":270,"name":271,"slug":272},"VFAYSlgkRneu1oHcTKcpwQ","Server","server",{"__typename":265,"id":274,"name":275,"slug":276},"UNiVGxy_QViVXTpaSLXZlQ","Windows","windows",[278,282,285],{"__typename":279,"id":280,"title":281},"PlanRecord","T-QQY6XRSjeGbmXIK5kNCw","Free",{"__typename":279,"id":283,"title":284},"TOtXWfDyTjyO3H3OW_HRtQ","Professional",{"__typename":279,"id":286,"title":287},"KJjNQcHiRVa_mZqx_GtIrg","Enterprise",[289,423,520,561,605],{"__typename":290,"_allReferencingPatchesMeta":291,"_allReferencingPatches":293,"_modelApiKey":418,"name":419,"id":420,"slug":421,"icon":18,"supportDate":422},"PatchCategoryRecord",{"count":292},19,[294,302,310,317,325,333,340,346,352,358,364,370,376,382,388,394,400,406,412],{"id":295,"title":296,"description":297,"plans":298},"CHBzDqmWSkiUggiwCycMKQ","0day patches","\u003Cp>Patches for vulnerabilities the original vendor has not yet patched - both for legacy products and products that are still under official vendor support\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?type=0day\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our 0day patches\u003C/a>\u003C/strong>\u003C/p>",[299,300,301],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":303,"title":304,"description":305,"plans":306},"W1zipVenRuaCpMLlbChNkg","Free patches","\u003Cp>Patches for \"0day\" vulnerabilities are generally free until the vendor has provided an official fix\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?plan=free\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our free patches\u003C/a>\u003C/strong>\u003C/p>",[307,308,309],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":311,"title":312,"description":313,"plans":314},"JMf6o8nLRh2YNbSjeoWSbg","All patches","\u003Cp>All our patches we have ever issued, or will ever issue, including 0day and legacy patches\u003C/p>",[315,316],{"id":283,"title":284},{"id":286,"title":287},{"id":318,"title":319,"description":320,"plans":321},"N2SosqbOST-U5Q3FTqKT-g","Multi factor authentication (MFA)","\u003Cp>Require one-time code from an authenticator app when accessing 0patch Central\u003C/p>",[322,323,324],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":326,"title":327,"description":328,"plans":329},"Aurt0TQWT3qrx--H6Bvtnw","0patch console - local management","\u003Cp>0patch Agent is managed locally using 0patch Console application\u003C/p>",[330,331,332],{"id":280,"title":281},{"id":283,"title":284},{"id":286,"title":287},{"id":334,"title":335,"description":336,"plans":337},"dvNfP_7ZQ6uyUtJO3ADbJQ","Standard email support","\u003Cp>Email support with 24-hour response time\u003C/p>",[338,339],{"id":283,"title":284},{"id":286,"title":287},{"id":341,"title":342,"description":343,"plans":344},"DRZtt1FJQ2OW742_5ZdcOQ","Central management","\u003Cp>Centrally manage and monitor all your 0patch Agents from web-based 0patch Central\u003C/p>",[345],{"id":286,"title":287},{"id":347,"title":348,"description":349,"plans":350},"C7j04lkDSSmPT2ikq9grug","IP address allow-listing","\u003Cp>Restricting access to 0patch Central so only users connecting from approved IP addresses can use it\u003C/p>",[351],{"id":286,"title":287},{"id":353,"title":354,"description":355,"plans":356},"aLo8Rj7YQsufFNozN8C6lw","Unattended agent installation","\u003Cp>Deploy 0patch Agent remotely without user interaction\u003C/p>",[357],{"id":286,"title":287},{"id":359,"title":360,"description":361,"plans":362},"dJECbsVMSGm7_ObPWiWSDQ","Agent auto-registration","\u003Cp>0patch Agent can automatically register itself to your 0patch account\u003C/p>",[363],{"id":286,"title":287},{"id":365,"title":366,"description":367,"plans":368},"WHM0-Mj0Sr2WZ1LwhTI9Dw","Silent run","\u003Cp>0patch Agent operates entirely in the background without showing notifications or prompts to the user\u003C/p>",[369],{"id":286,"title":287},{"id":371,"title":372,"description":373,"plans":374},"Zjk5YWqcS2al2C2OTEH82w","Patching policies","\u003Cp>Select which patches are enabled for which groups of computers, and whether newly issued patches are initially enabled or disabled\u003C/p>",[375],{"id":286,"title":287},{"id":377,"title":378,"description":379,"plans":380},"DXTTXN2ITtmy-Bclo1_iKQ","Computer groups","\u003Cp>Organize your computers in groups to simplify management and apply different policies to different sets of computers\u003C/p>",[381],{"id":286,"title":287},{"id":383,"title":384,"description":385,"plans":386},"Vna1HyM9Q4-kwJshD0-4Ag","Multi user support","\u003Cp>Add any number of users to 0patch Central\u003C/p>",[387],{"id":286,"title":287},{"id":389,"title":390,"description":391,"plans":392},"MZheRUWKRHuS_M3sPAvxWw","User roles","\u003Cp>Assign different roles to 0patch Central users to limit their access\u003C/p>",[393],{"id":286,"title":287},{"id":395,"title":396,"description":397,"plans":398},"em07-dXcQ2Of2IhpZzUeDQ","Mandatory MFA","\u003Cp>Administrator can make multi factor authentication mandatory for all 0patch Central users\u003C/p>",[399],{"id":286,"title":287},{"id":401,"title":402,"description":403,"plans":404},"DJ9WqVROQWiRnUxDr8ckeQ","SAML single sign-on","\u003Cp>Login to 0patch Central through your identity provider using the SAML protocol\u003C/p>",[405],{"id":286,"title":287},{"id":407,"title":408,"description":409,"plans":410},"c73GoxWmTXS5muxHXFl3HA","SCIM provisioning","\u003Cp>Manage 0patch Central users with your identity provider using SCIM protocol\u003C/p>",[411],{"id":286,"title":287},{"id":413,"title":414,"description":415,"plans":416},"QM6mK9qtTBe5OtMWfVnvvg","Professional services","\u003Cp>Custom patches and additional professional services are available to large customers\u003C/p>",[417],{"id":286,"title":287},"patch_category","Features","T2nlr7wWS3eNfLE8hfA1ew","features","2025-12-05",{"__typename":290,"_allReferencingPatchesMeta":424,"_allReferencingPatches":426,"_modelApiKey":418,"name":504,"id":505,"slug":506,"icon":507,"supportDate":519},{"count":425},11,[427,434,441,448,455,462,469,476,483,490,497],{"id":428,"title":429,"description":430,"plans":431},"Wn-S2pccQbKHM4Qi_CFf0Q","Windows 11 22H2 patches","\u003Cp>Windows 11 22H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+11\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 11 patches\u003C/a>\u003C/strong>\u003C/p>",[432,433],{"id":283,"title":284},{"id":286,"title":287},{"id":435,"title":436,"description":437,"plans":438},"KLIOm9vRTpWNef0hEYPZRw","Windows 11 21H2 patches","\u003Cp>Windows 11 21H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+11\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 11 patches\u003C/a>\u003C/strong>\u003C/p>",[439,440],{"id":283,"title":284},{"id":286,"title":287},{"id":442,"title":443,"description":444,"plans":445},"Z-_sUVTSRcyneegSkg6tEg","Windows 10 22H2 post-EOS patches","\u003Cp>Windows 10 22H2 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[446,447],{"id":283,"title":284},{"id":286,"title":287},{"id":449,"title":450,"description":451,"plans":452},"OG3314TtS_mGEWsQ7I7rVg","Windows 10 21H2 patches","\u003Cp>Windows 10 21H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[453,454],{"id":283,"title":284},{"id":286,"title":287},{"id":456,"title":457,"description":458,"plans":459},"d-2ES_YuR7C4QuSmcXgi0Q","Windows 10 21H1 patches","\u003Cp>Windows 10 21H1 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[460,461],{"id":283,"title":284},{"id":286,"title":287},{"id":463,"title":464,"description":465,"plans":466},"R-A6Aep1TCCVLYwFbfK3Sw","Windows 10 20H2 patches","\u003Cp>Windows 10 20H2 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[467,468],{"id":283,"title":284},{"id":286,"title":287},{"id":470,"title":471,"description":472,"plans":473},"Dg4FaK9fS8KTa1o3Qhor6w","Windows 10 2004 patches","\u003Cp>Windows 10 2004 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[474,475],{"id":286,"title":287},{"id":283,"title":284},{"id":477,"title":478,"description":479,"plans":480},"MJlLPyxqTcy9ys2UaZYNKQ","Windows 10 v1909 patches","\u003Cp>Windows 10 1909 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[481,482],{"id":283,"title":284},{"id":286,"title":287},{"id":484,"title":485,"description":486,"plans":487},"GscjCa1TQOe5p5Or7g2qyw","Windows 10 v1809 patches","\u003Cp>Windows 10 1809 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[488,489],{"id":283,"title":284},{"id":286,"title":287},{"id":491,"title":492,"description":493,"plans":494},"OeQ8xMmJTmadIiPcKYkhvw","Windows 10 v1803 patches","\u003Cp>Windows 10 1803 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+10\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows 10 patches\u003C/a>\u003C/strong>\u003C/p>",[495,496],{"id":283,"title":284},{"id":286,"title":287},{"id":498,"title":499,"description":500,"plans":501},"Obe8z8snRYGoLT6BZyzhZw","Windows 7 post-EOS and post-ESU patches","\u003Cp>Windows 7 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>",[502,503],{"id":283,"title":284},{"id":286,"title":287},"Windows Patches","DXze3dvpTu-HF132vKjSug","microsoft-windows-xp",{"alt":508,"url":509,"width":510,"height":510,"responsiveImage":511},"Windows 11 logo","https://www.datocms-assets.com/166020/1764600963-win11.png",300,{"srcSet":512,"webpSrcSet":513,"sizes":514,"src":515,"width":516,"height":516,"aspectRatio":210,"alt":508,"title":18,"bgColor":517,"base64":518},"https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&fit=crop&h=40 40w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&h=40 60w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&h=40 80w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&h=40 120w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&h=40 160w","https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&h=40 40w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&fm=webp&h=40 60w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&fm=webp&h=40 80w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&fm=webp&h=40 120w,https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&fm=webp&h=40 160w","(max-width: 40px) 100vw, 40px","https://www.datocms-assets.com/166020/1764600963-win11.png?auto=compress&crop=focalpoint&fit=crop&h=40",40,"#0278cf","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAMAAADXqc3KAAAA51BMVEUAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtEAdtG9HcQcAAAATXRSTlMAAQIDBAUGBwkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY4OTo7PD0+P0BBQkNERUZHSEpLTE1OTwjw0A0AAAEqSURBVHjapZHbbsMgDIZNcMwhm7ZW097/+XrTToNwSGKPkraqtN3NCAn/H8LmN4L2LxbyOcMer0cHJcYF9UhEwHQH10yWBdAa7y0MJW5dN9NkQQsgTuS9UUMNoQM/eQcaGiBjRlJMpgNljWlPrSugiABc9yOkpSKYeBhYlZR2MSUjUtJc8EKlWpXP8379QpAhxVCRc56tSvdu4VSt5NhqtHPOTxXgonpBhF+xN/IHgP8AlO1ZYu5AO08ynx/ym+UUm7sf1MF4uumfhwZCKHgg70YZuXx1cDi+W3ZEBR0Zi7wZs4/JOmdEbaxRuC3hXrA7ezW/BaZNwco57SYuuWQlpdaK37SuxPH75m4IxJBjLBjrxpVjuHWbYptHnts8Kg+at1Lv/6hVt12XH8K5sGlN/hfaAAAAAElFTkSuQmCC","2025-06-25",{"__typename":290,"_allReferencingPatchesMeta":521,"_allReferencingPatches":523,"_modelApiKey":418,"name":545,"id":546,"slug":547,"icon":548,"supportDate":519},{"count":522},3,[524,531,538],{"id":525,"title":526,"description":527,"plans":528},"DMZZcGMvQfaRElACxvHXyA","Windows Server 2012 R2 post-EOS patches","\u003Cp>Windows Server 2012 R2 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+Server+2012+R2\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows Server 2012 R2 patches\u003C/a>\u003C/strong>\u003C/p>",[529,530],{"id":283,"title":284},{"id":286,"title":287},{"id":532,"title":533,"description":534,"plans":535},"ZaeezXKkT3KGln5CQ4NH9w","Windows Server 2012 post-EOS patches","\u003Cp>Windows Server 2012 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+Server+2012\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows Server 2012 patches\u003C/a>\u003C/strong>\u003C/p>",[536,537],{"id":283,"title":284},{"id":286,"title":287},{"id":539,"title":540,"description":541,"plans":542},"RYxw9xwXR3-OWnsdr8dFEg","Windows Server 2008 R2 post-EOS and post-ESU patches","\u003Cp>Windows Server 2008 R2 post-end-of-support patches, for computers without Extended Security Updates (ESU), or computers with any full year of ESU updates installed\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Windows+Server+2008+R2\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Windows Server 2008 R2 patches\u003C/a>\u003C/strong>\u003C/p>",[543,544],{"id":283,"title":284},{"id":286,"title":287},"Windows Server Patches","J7WLPCrKS7i7B8sAyJpKWg","microsoft-windows-vista",{"alt":549,"url":550,"width":551,"height":510,"responsiveImage":552},"Windows Server 2012-2022 logo","https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png",296,{"srcSet":553,"webpSrcSet":554,"sizes":555,"src":556,"width":557,"height":516,"aspectRatio":558,"alt":549,"title":18,"bgColor":559,"base64":560},"https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&fit=crop&h=40 39w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&h=40 58w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&h=40 78w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&h=40 117w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&h=40 156w","https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&h=40 39w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&fm=webp&h=40 58w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&fm=webp&h=40 78w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&fm=webp&h=40 117w,https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&fm=webp&h=40 156w","(max-width: 39px) 100vw, 39px","https://www.datocms-assets.com/166020/1764600963-srv2012_2022.png?auto=compress&crop=focalpoint&fit=crop&h=40",39,0.975,"#0b1f8e","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAYCAMAAAAmopZHAAABRFBMVEUAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIgAFIis0k1eAAAAbHRSTlMAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSkxNTk9QUVRVVldYWVpbXF1fYWJjZGVmZ2lqa2xtbnBzdHY8yRY6AAABF0lEQVR42o2STU/EIBCGmWEodGm77sWj//+PeVAvRrNAYYY63cREs42R45PJ+xXIHD/6L0eU7Y7DZR4tl5QqGQQ0XXbql4fLHCyv11zpCRCMMIux43w5R4+yTqXSGQA24cadwuidG5C7iCG58dZaZ0ODs13vi+q8AxjltQr6VPKsOjkpf73Z9t23fn5+xICcs3L+mTOlkwcu9b5XKiCHfdXugNs4qE5WvoBFs+dRGmKMA7aSSqNHRAudWxXjwjTt92vSvguSxW0fAtw4ncYB+pprow6b0YkACIfRhxNBt+gqvVnnSKv1ze5DVIOdpQo9q7ezuoUhPy3LNFjhovoag787v8TzHEhqLvw7//VqAvXKB33L3//hC+5Cl3o2W4MJAAAAAElFTkSuQmCC",{"__typename":290,"_allReferencingPatchesMeta":562,"_allReferencingPatches":564,"_modelApiKey":418,"name":593,"id":594,"slug":595,"icon":596,"supportDate":519},{"count":563},4,[565,572,579,586],{"id":566,"title":567,"description":568,"plans":569},"axmNaLDGSs2BLTpJNU-fuQ","Microsoft Office 2019 post-EOS patches","\u003Cp>Microsoft Office 2019 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2019\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2019 patches\u003C/a>\u003C/strong>\u003C/p>",[570,571],{"id":283,"title":284},{"id":286,"title":287},{"id":573,"title":574,"description":575,"plans":576},"MkFk40IJQhCcXnIO2ZDd4Q","Microsoft Office 2016 post-EOS patches","\u003Cp>Microsoft Office 2016 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2016\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2016 patches\u003C/a>\u003C/strong>\u003C/p>",[577,578],{"id":283,"title":284},{"id":286,"title":287},{"id":580,"title":581,"description":582,"plans":583},"FFqWfGxfQF2q0uyjyRjVWg","Microsoft Office 2013 post-EOS patches","\u003Cp>Microsoft Office 2013 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2013\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2013 patches\u003C/a>\u003C/strong>\u003C/p>",[584,585],{"id":283,"title":284},{"id":286,"title":287},{"id":587,"title":588,"description":589,"plans":590},"XFYgrsOyRpeuEXk29M4z9g","Microsoft Office 2010 post-EOS patches","\u003Cp>Microsoft Office 2010 post-end-of-support patches\u003C/p>\n\u003Cp>\u003Cstrong>\u003Ca href=\"/patches?product=Office+2010\" target=\"_blank\" rel=\"noopener\">Click to see the full list of our Microsoft Office 2010 patches\u003C/a>\u003C/strong>\u003C/p>",[591,592],{"id":283,"title":284},{"id":286,"title":287},"Microsoft Office Patches","VH2unwR4RjycDA1o_6eSFw","microsoft-windows-7",{"alt":597,"url":598,"width":510,"height":510,"responsiveImage":599},"Microsoft Office logo","https://www.datocms-assets.com/166020/1764600963-office2013_2019.png",{"srcSet":600,"webpSrcSet":601,"sizes":514,"src":602,"width":516,"height":516,"aspectRatio":210,"alt":597,"title":18,"bgColor":603,"base64":604},"https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&fit=crop&h=40 40w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&h=40 60w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&h=40 80w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&h=40 120w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&h=40 160w","https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&h=40 40w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=1.5&fit=crop&fm=webp&h=40 60w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=2&fit=crop&fm=webp&h=40 80w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=3&fit=crop&fm=webp&h=40 120w,https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&dpr=4&fit=crop&fm=webp&h=40 160w","https://www.datocms-assets.com/166020/1764600963-office2013_2019.png?auto=compress&crop=focalpoint&fit=crop&h=40","#eb3c00","data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAMAAADXqc3KAAABSlBMVEXqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPADqPAAMDLSTAAAAbnRSTlMAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAiIyQlJicoKSorLS4vMTIzNDU2Nzk6Ozw9P0BBQkNERkpMTU5PUFFSVVZXWVpbXF1eX2BhYmNkZmdoaWpsbW5vcHFzdXZ4fH5/gIKDhBdTJiUAAAERSURBVHjabdE5doQwDAZgSV6AwMsU06TN/e+TM6SfyeBNUsALTeKGhz7wL8sWzoU21yd8fN6Xn++vAGDruzcdyFhjrBuAK0mo4Kz3PL89OrxvyA0s+Un9Cg38bZPUtrLOmXleUSvctrk4W1obZHVZtscJ0zo5Ral1FsAjfG7gDCo3iLmIknU1w4BybtnwyqmAaAsXzhhfDZ4hMjJrhVwy7B1iiIWycIPktO90flWIz8ATctY8QERQtQEUVh6ARIjQT86Mow7OGDqsg+IQcs4CjT8KXzB7Rwraujo6Qe3g7TEF4dTHHmGEGwKVFF4ddkhXu8yxjqFd7T7qzDmG9LzgWqWkuO//QS4xhf0viDJzvctfA1KXpEpvxgMAAAAASUVORK5CYII=",{"__typename":290,"_allReferencingPatchesMeta":606,"_allReferencingPatches":607,"_modelApiKey":418,"name":614,"id":615,"slug":616,"icon":617,"supportDate":519},{"count":210},[608],{"id":609,"title":610,"description":611,"plans":612},"OuJP-mYgRRi-wc8RTcRbUg","Other products patches","\u003Cp>We occasionally patch other Windows products, for instance when a critical vulnerability becomes known and the vendor does not provide an official patch in a timely manner\u003C/p>",[613],{"id":283,"title":284},"Other","BrWA-hAsQYSROgTvF-1ecA","microsoft-windows-11",{"alt":618,"url":619,"width":620,"height":621,"responsiveImage":18},"Windows 7","https://www.datocms-assets.com/166020/1754390080-layer1.svg",44,38,[623,628,632,636,640,644,648,652,656,660],{"__typename":624,"id":625,"name":626,"slug":627},"CountryRecord","WYcngTKjTLSCPKXF1CGc3Q","Germany","germany",{"__typename":624,"id":629,"name":630,"slug":631},"W7K_V8xIQ4esd1pdctvLRg","Switzerland","switzerland",{"__typename":624,"id":633,"name":634,"slug":635},"YCAHqeAMSp2PAVyP3KGV4w","International","international",{"__typename":624,"id":637,"name":638,"slug":639},"IKNwlfjMQXOfKhtUID30BQ","Singapore","singapore",{"__typename":624,"id":641,"name":642,"slug":643},"UzXo_gH5Te-UnOfNwdsfWQ","Netherlands","netherlands",{"__typename":624,"id":645,"name":646,"slug":647},"JKw7Q4wpQ8eGJjvHXwfSAA","Spain","spain",{"__typename":624,"id":649,"name":650,"slug":651},"RZbGpAInTEivnMxZzdTzwg","Poland","poland",{"__typename":624,"id":653,"name":654,"slug":655},"NwnHmUQ6RIK_OV9865XH3Q","Australia","australia",{"__typename":624,"id":657,"name":658,"slug":659},"HfVwBnHDSfCassEtkYx9lQ","United Kingdom","united-kingdom",{"__typename":624,"id":661,"name":662,"slug":663},"UUYGwDAYR4qLZM5UmDcmVA","USA","usa",[665,670],{"__typename":666,"id":667,"name":668,"slug":669},"PartnerCategoryRecord","dQoYak16SOaHi1odGdVqmQ","MSPs & SOCs","msps-socs",{"__typename":666,"id":671,"name":672,"slug":673},"REE7lMU8RzC9jabDARcxYQ","Resellers & Distributors","resellers-distributors",{"id":675,"_modelApiKey":676,"__typename":677,"text":678,"link":679,"menuLinks":687},"WnQYb8xeS2irpBJ41pdDRA","top_bar","TopBarRecord","Micropatches released for Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089)",[680],{"externalLink":40,"id":681,"recordLink":682,"variant":12,"icon":685,"title":686},"K2tgUizORgyofhnuTJ36dA",{"__typename":683,"_modelApiKey":77,"slug":684},"ArticleRecord","micropatches-released-for-windows-netlogon-remote-code-execution-vulnerability-cv",false,"Learn more",[688,691],{"id":689,"primary":685,"externalLink":95,"parent":18,"reference":18,"title":690,"description":40,"publishTranslation":42},"B1pEweRaRD2YBkP6aH1CfA","Help center",{"id":692,"primary":42,"externalLink":693,"parent":18,"reference":18,"title":694,"description":40,"publishTranslation":42},"Mk0Yz-yqTk2akShgf7ARNg","https://central.0patch.com/","Sign in",[696,700],{"id":697,"title":698,"url":699},"NDrk5d4kQ96J2aCuTr-gvg","0patch on X","https://twitter.com/0patch",{"id":701,"title":702,"url":703},"GqN4lYxyTMyzcmRllVY4mg","Linked In","https://linkedin.com/company/0patch",{"left":705,"top":705,"width":706,"height":706,"rotate":705,"vFlip":685,"hFlip":685,"body":707},0,24,"\u003Cg fill=\"none\">\u003Cpath d=\"M11.9999 15.0539L6.34619 9.40013L7.39994 8.34637L11.9999 12.9464L16.5999 8.34637L17.6537 9.40013L11.9999 15.0539Z\" fill=\"currentColor\"/>\u003C/g>",{"left":705,"top":705,"width":706,"height":706,"rotate":705,"vFlip":685,"hFlip":685,"body":709},"\u003Cg fill=\"none\">\u003Cpath d=\"M9.5501 18.0001L3.8501 12.3001L5.2751 10.8751L9.5501 15.1501L18.7251 5.9751L20.1501 7.4001L9.5501 18.0001Z\" fill=\"currentColor\"/>\u003C/g>",{"left":705,"top":705,"width":706,"height":706,"rotate":705,"vFlip":685,"hFlip":685,"body":711},"\u003Cg fill=\"none\">\u003Cpath d=\"M5.55375 19.5001L4.5 18.4464L15.9462 7.00012H9V5.50012H18.5V15.0001H17V8.05387L5.55375 19.5001Z\" fill=\"currentColor\"/>\u003C/g>",{"article":713},{"_firstPublishedAt":714,"_publishedAt":715,"_updatedAt":716,"_seoMetaTags":717,"_allSlugLocales":783,"_allPublishTranslationLocales":786,"published":788,"__typename":683,"_modelApiKey":77,"author":789,"createdAt":714,"id":790,"excerpt":40,"body":791,"image":1415,"readTime":40,"title":720,"slug":785,"publishTranslation":42,"seoMetadata":18},"2025-08-21T14:10:26+02:00","2026-04-01T15:21:54+02:00","2026-04-01T15:21:53+02:00",[718,721,725,728,732,735,738,742,746,750,753,756,759,762,765,768,772,775,779],{"tag":719,"attributes":18,"content":720},"title","0patching the RSRC Arbitrary NULL Write Vulnerability in LabVIEW (CVE-2017-2779)",{"tag":722,"attributes":723,"content":18},"meta",{"property":724,"content":720},"og:title",{"tag":722,"attributes":726,"content":18},{"name":727,"content":720},"twitter:title",{"tag":722,"attributes":729,"content":18},{"name":730,"content":731},"description","This is a 0patch website.",{"tag":722,"attributes":733,"content":18},{"property":734,"content":731},"og:description",{"tag":722,"attributes":736,"content":18},{"name":737,"content":731},"twitter:description",{"tag":722,"attributes":739,"content":18},{"property":740,"content":741},"og:image","https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?auto=format&fit=max&w=1200",{"tag":722,"attributes":743,"content":18},{"property":744,"content":745},"og:image:width","640",{"tag":722,"attributes":747,"content":18},{"property":748,"content":749},"og:image:height","634",{"tag":722,"attributes":751,"content":18},{"property":752,"content":720},"og:image:alt",{"tag":722,"attributes":754,"content":18},{"name":755,"content":741},"twitter:image",{"tag":722,"attributes":757,"content":18},{"name":758,"content":720},"twitter:image:alt",{"tag":722,"attributes":760,"content":18},{"property":761,"content":32},"og:locale",{"tag":722,"attributes":763,"content":18},{"property":764,"content":77},"og:type",{"tag":722,"attributes":766,"content":18},{"property":767,"content":6},"og:site_name",{"tag":722,"attributes":769,"content":18},{"property":770,"content":771},"article:modified_time","2026-04-01T13:21:53Z",{"tag":722,"attributes":773,"content":18},{"property":774,"content":40},"article:publisher",{"tag":722,"attributes":776,"content":18},{"name":777,"content":778},"twitter:card","summary",{"tag":722,"attributes":780,"content":18},{"name":781,"content":782},"robots","noindex",[784],{"value":785,"locale":32},"0patching-rsrc-arbitrary-null-write",[787],{"value":42,"locale":32},"2017-09-01T19:10:00+02:00","Mitja Kolsek","TDAFMlRXQCmVu02x7taugg",{"blocks":792,"links":838,"value":839},[793,808,822,826],{"id":794,"_modelApiKey":795,"__typename":796,"image":797},"Zsad0u1aQ462K5tQvJQ_BA","image","ImageRecord",{"alt":720,"url":798,"width":799,"height":800,"responsiveImage":801},"https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png",640,634,{"srcSet":802,"webpSrcSet":803,"sizes":804,"src":798,"width":799,"height":800,"aspectRatio":805,"alt":720,"title":720,"bgColor":806,"base64":807},"https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?dpr=0.25 160w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?dpr=0.5 320w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?dpr=0.75 480w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png 640w","https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?dpr=0.25&fm=webp 160w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?dpr=0.5&fm=webp 320w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?dpr=0.75&fm=webp 480w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?fm=webp 640w","(max-width: 640px) 100vw, 640px",1.0094637223974763,"#52a9e2","data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBwgHBgoICAgFCgoFBQwFBQUFBREJCgUMFxMZGBYTFhUaHysjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLBQUFEAUFEC8cFhwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIABgAGAMBIgACEQEDEQH/xAAVAAEBAAAAAAAAAAAAAAAAAAAAB//EABQQAQAAAAAAAAAAAAAAAAAAAAD/xAAVAQEBAAAAAAAAAAAAAAAAAAAAAv/EABQRAQAAAAAAAAAAAAAAAAAAAAD/2gAMAwEAAhEDEQA/AKoApQAAAAAD/9k=",{"id":809,"_modelApiKey":795,"__typename":796,"image":810},"JHiC6J3vQgigpOMlaFuHyQ",{"alt":811,"url":812,"width":813,"height":814,"responsiveImage":815},"sanitize","https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png",936,1600,{"srcSet":816,"webpSrcSet":817,"sizes":818,"src":812,"width":813,"height":814,"aspectRatio":819,"alt":811,"title":811,"bgColor":820,"base64":821},"https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?dpr=0.25 234w,https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?dpr=0.5 468w,https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?dpr=0.75 702w,https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png 936w","https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?dpr=0.25&fm=webp 234w,https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?dpr=0.5&fm=webp 468w,https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?dpr=0.75&fm=webp 702w,https://www.datocms-assets.com/166020/1757074122-sanitize-patch.png?fm=webp 936w","(max-width: 936px) 100vw, 936px",0.585,"#0606ff","data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHBwcICAkHCggHDQ4NDhgHBwcIDhEKDREMFxUZGBYVFhUaHysjGh0oHRUWJDUlKC0vMjIyGSI4PTcwPCsxMi8BCgsLDg0OHA0QHC8cFhw7Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL//AABEIABgADgMBIgACEQEDEQH/xAAXAAADAQAAAAAAAAAAAAAAAAAAAQcC/8QAFBABAAAAAAAAAAAAAAAAAAAAAP/EABUBAQEAAAAAAAAAAAAAAAAAAAMA/8QAGREAAgMBAAAAAAAAAAAAAAAAADEBAiER/9oADAMBAAIRAxEAPwCuGya5pTbBAAsMCyP/2Q==",{"id":823,"_modelApiKey":795,"__typename":796,"image":824},"Qk8C7XjiTgG5diw-e_wtfw",{"alt":811,"url":812,"width":813,"height":814,"responsiveImage":825},{"srcSet":816,"webpSrcSet":817,"sizes":818,"src":812,"width":813,"height":814,"aspectRatio":819,"alt":811,"title":811,"bgColor":820,"base64":821},{"id":827,"_modelApiKey":828,"__typename":829,"video":830},"cE_9pY6oTfqGuFlWIFkDCw","video_external","VideoExternalRecord",{"url":831,"title":832,"thumbnailUrl":833,"height":834,"provider":835,"providerUid":836,"width":837},"https://www.youtube.com/watch?v=y8gi4xBP-rc","0patching LabVIEW RSRC arbitrary NULL write (CVE-2017-2779)","https://i.ytimg.com/vi/y8gi4xBP-rc/hqdefault.jpg",113,"youtube","y8gi4xBP-rc",200,[],{"schema":840,"document":841},"dast",{"type":842,"children":843},"root",[844,1000,1002,1055,1056,1060,1282,1283,1287,1310,1314,1358,1368,1369,1412],{"type":845,"children":846},"paragraph",[847,852,854,863,865,869,871,878,880,883,885,892,894,896,898,900,902,904,906,913,915,918,920,923,925,928,930,932,934,936,938,941,943,945,947,949,951,953,955,957,959,961,963,965,967,969,971,973,975,977,979,981,983,985,987,989,991,994,996,998],{"type":848,"marks":849,"value":851},"span",[850],"strong","Whether Vendors Patch Their Products or Not, We Have Your Back",{"type":848,"value":853},"\n\nThree days ago, Cisco Talos published a ",{"url":855,"meta":856,"type":12,"children":860},"http://blog.talosintelligence.com/2017/08/vulnerability-spotlight-code-execution.html",[857],{"id":858,"value":859},"target","_blank",[861],{"type":848,"value":862},"post about a code execution vulnerability in LabVIEW",{"type":848,"value":864},", whereby opening a malformed ",{"type":848,"marks":866,"value":868},[867],"emphasis","VI",{"type":848,"value":870}," file with LabVIEW results in writing NULL bytes at chosen memory locations. This can most likely be used for executing arbitrary code by carefully placing NULLs in various data structures or stack. Nothing unusual so far. \n\nAccording to Talos' post, the producer of LabVIEW, ",{"url":872,"meta":873,"type":12,"children":875},"http://www.ni.com/",[874],{"id":858,"value":859},[876],{"type":848,"value":877},"National Instruments",{"type":848,"value":879},", initially* refused to patch this vulnerability, stating that ",{"type":848,"marks":881,"value":882},[867],"\"National Instruments does not consider that this issue constitutes a vulnerability in their product, since any .exe like file format can be modified to replace legitimate content with malicious.\"",{"type":848,"value":884},"\n\n(* Subsequently, National Instruments ",{"url":886,"meta":887,"type":12,"children":889},"http://www.ni.com/product-documentation/54099/en/",[888],{"id":858,"value":859},[890],{"type":848,"value":891},"stated that they would produce a patch",{"type":848,"value":893},".)\n\nA ",{"type":848,"marks":895,"value":868},[867],{"type":848,"value":897}," file is not a Windows executable that would run on any Windows computer. However, if you have LabVIEW installed, a ",{"type":848,"marks":899,"value":868},[867],{"type":848,"value":901}," file will get opened by it, and can be made to automatically run its embedded code. This code is very powerful and by design has ability to access your file system and launch native executables. So a malicious ",{"type":848,"marks":903,"value":868},[867],{"type":848,"value":905}," file, say, received via email or found on the Internet, could attack your computer if opened in LabVIEW - even without the vulnerability described here.\n\nThis is not entirely different from, say, a Microsoft Word document, which is also not an executable file, but can contain powerful damaging macros. (Although Word does warn you about macros and you have to explicitly allow their execution.) \n\nNational Instruments provides ",{"url":907,"meta":908,"type":12,"children":910},"http://digital.ni.com/public.nsf/allkb/ECCA13EDE2300EFA86257FE100747965",[909],{"id":858,"value":859},[911],{"type":848,"value":912},"Security Best Practices",{"type":848,"value":914}," stating that you should exercise the same precautions with a ",{"type":848,"marks":916,"value":917},[867],"VI ",{"type":848,"value":919},"file as you would with a ",{"type":848,"marks":921,"value":922},[867],"EXE ",{"type":848,"value":924},"or ",{"type":848,"marks":926,"value":927},[867],"DLL ",{"type":848,"value":929},"file. This makes sense - if an attacker can get you to open his malicious ",{"type":848,"marks":931,"value":917},[867],{"type":848,"value":933},"file, he can simply put malicious ",{"type":848,"marks":935,"value":868},[867],{"type":848,"value":937}," code in it that will attack you, just as if he could get you to open a malicious ",{"type":848,"marks":939,"value":940},[867],"EXE",{"type":848,"value":942},". Importantly, he does not gain any additional benefit from a memory corruption issue described here, as he would still need you to open his ",{"type":848,"marks":944,"value":868},[867],{"type":848,"value":946}," file - and in contrast to Word and macros, LabVIEW does not ask your permission to execute ",{"type":848,"marks":948,"value":917},[867],{"type":848,"value":950},"code.  \n\nHowever, the Security Best Practices document further states that if you want to safely inspect a suspect ",{"type":848,"marks":952,"value":917},[867],{"type":848,"value":954},"before running it, you should add that ",{"type":848,"marks":956,"value":868},[867],{"type":848,"value":958}," as a sub-",{"type":848,"marks":960,"value":868},[867],{"type":848,"value":962}," to a blank ",{"type":848,"marks":964,"value":868},[867],{"type":848,"value":966},", and inspect its code before running it.\n\nIn this case, however, there is a difference between a legitimately-formatted ",{"type":848,"marks":968,"value":917},[867],{"type":848,"value":970},"with malicious ",{"type":848,"marks":972,"value":868},[867],{"type":848,"value":974}," code (which does not get executed as a sub-",{"type":848,"marks":976,"value":868},[867],{"type":848,"value":978},") and a malformed ",{"type":848,"marks":980,"value":917},[867],{"type":848,"value":982},"causing memory corruption when loaded (which executes malicious code even if loaded as a sub-",{"type":848,"marks":984,"value":868},[867],{"type":848,"value":986},").\n\nThis vulnerability therefore allows an attacker to mount an attack with a malicious ",{"type":848,"marks":988,"value":917},[867],{"type":848,"value":990},"file against a user following National Instruments' Security Best Practices. Since the vendor initially stated that they would not issue a fix (it's still not available at the time of this writing), we decided to make one ourselves.\n\n\n",{"type":848,"marks":992,"value":993},[850],"Analysis",{"type":848,"value":995},"\n\nIn order to fix this vulnerability, we needed to first understand it. We started with a sample ",{"type":848,"marks":997,"value":917},[867],{"type":848,"value":999},"file.\n",{"item":794,"type":1001},"block",{"type":845,"children":1003},[1004,1006,1008,1010,1017,1019,1022,1024,1027,1029,1032,1034,1036,1038,1040,1042,1044,1046,1053],{"type":848,"value":1005},"\n\nA .",{"type":848,"marks":1007,"value":868},[867],{"type":848,"value":1009}," file (example shown above) is a data file in a publicly undocumented format. It gets opened with labview.exe, which, among other things, parses the file's RSRC segments into in-memory RSRC data structures. You can see one RSRC segment at the beginning of the file above, but there can be others further down in a file.\n\nTalos' ",{"url":1011,"meta":1012,"type":12,"children":1014},"https://www.talosintelligence.com/reports/TALOS-2017-0273/",[1013],{"id":858,"value":859},[1015],{"type":848,"value":1016},"detailed vulnerability report ",{"type":848,"value":1018},"provided useful details on where their malformed ",{"type":848,"marks":1020,"value":1021},[867],".VI",{"type":848,"value":1023}," file caused a crash. Apparently, a method called ClearAllDataHdls (yes, the affected DLL comes with some symbols) walks through an array of what we can assume are \"data handles\". Each data handle has an ",{"type":848,"marks":1025,"value":1026},[867],"offset ",{"type":848,"value":1028},"to its own array of some 20-byte objects, and the ",{"type":848,"marks":1030,"value":1031},[867],"count ",{"type":848,"value":1033},"of these objects. The code simply walks through all objects of all handles, and writes a NULL to each one of them. Manipulating the said ",{"type":848,"marks":1035,"value":1026},[867],{"type":848,"value":1037},"allows for writing one or more NULLs at arbitrarily chosen locations in memory.\n\nIt was trivial to create a malformed ",{"type":848,"marks":1039,"value":1021},[867],{"type":848,"value":1041}," file from a sample file based on this information. And, as expected, it crashed LabVIEW with an access violation. However, it did not crash it in ClearAllDataHdls, but in a method called StandardizeAndSanityChkRsrcMap (actually in a small helper function called by it). What happened? Was our POC different, did we find another bug?\n\nIt turned out we were using LabVIEW 2017, while Talos did their testing on version 2016. It appears that in version 2017, LabVIEW added some RSRC sanitization code, and in fact looking at this method revealed some sanity checks are being done on the RSRC data, whereby a ",{"type":848,"marks":1043,"value":1021},[867],{"type":848,"value":1045}," file is rejected if these checks fail. Unfortunately, these checks are not for the malformed data in question; in fact, StandardizeAndSanityChkRsrcMap also performs initialization of above-mentioned 20-byte objects by reversing their byte order to ",{"url":1047,"meta":1048,"type":12,"children":1050},"https://en.wikipedia.org/wiki/Endianness",[1049],{"id":858,"value":859},[1051],{"type":848,"value":1052},"little-endian",{"type":848,"value":1054}," format, and this very action is what resulted in our crash due to accessing an invalid memory address.\n\nIt was time to take a closer look at StandardizeAndSanityChkRsrcMap and understand the RSRC data structure. The following image shows the most important part of StandardizeAndSanityChkRsrcMap, where the outer loop walks through all the handles, and the inner loop walks through all objects of a given handle and byte-reverses them.\n\n\n",{"item":809,"type":1001},{"type":845,"children":1057},[1058],{"type":848,"value":1059},"Now let's look at a sample RSRC structure in the memory, after all the values have been byte-reversed.\n\n\n",{"type":845,"children":1061},[1062,1065,1067,1070,1071,1074,1075,1078,1079,1082,1083,1086,1087,1090,1091,1094,1095,1098,1099,1102,1103,1106,1107,1110,1111,1114,1115,1118,1119,1122,1123,1126,1127,1130,1131,1134,1135,1138,1139,1142,1143,1146,1147,1150,1151,1154,1155,1158,1159,1162,1163,1166,1167,1170,1171,1174,1175,1178,1179,1182,1183,1185,1186,1189,1190,1193,1194,1197,1198,1201,1202,1204,1205,1208,1209,1212,1213,1216,1217,1220,1221,1223,1224,1227,1228,1231,1232,1235,1236,1239,1240,1242,1243,1246,1247,1250,1251,1254,1255,1258,1259,1262,1263,1266,1268,1271,1273,1275,1277,1280],{"type":848,"marks":1063,"value":1064},[850],"52 53 52 43 0d 0a 03 00 4c 56 49 4e 4c 42 56 57  RSRC....LVINLBVW",{"type":848,"value":1066},"\n",{"type":848,"marks":1068,"value":1069},[850],"c4 28 00 00 50 03 00 00 20 00 00 00 a4 28 00 00  .(..P... ....(..",{"type":848,"value":1066},{"type":848,"marks":1072,"value":1073},[850],"00 00 00 00 00 00 00 00 20 00 00 00 34 00 00 00  ........ ...4...",{"type":848,"value":1066},{"type":848,"marks":1076,"value":1077},[850],"38 03 00 00 17 00 00 00 4c 56 53 52 00 00 00 00  8.......LVSR....",{"type":848,"value":1066},{"type":848,"marks":1080,"value":1081},[850],"24 01 00 00 52 54 53 47 00 00 00 00 38 01 00 00  $...RTSG....8...",{"type":848,"value":1066},{"type":848,"marks":1084,"value":1085},[850],"76 65 72 73 00 00 00 00 4c 01 00 00 43 4f 4e 50  vers....L...CONP",{"type":848,"value":1066},{"type":848,"marks":1088,"value":1089},[850],"00 00 00 00 60 01 00 00 4c 49 76 69 00 00 00 00  ....`...LIvi....",{"type":848,"value":1066},{"type":848,"marks":1092,"value":1093},[850],"74 01 00 00 42 44 50 57 00 00 00 00 88 01 00 00  t...BDPW........",{"type":848,"value":1066},{"type":848,"marks":1096,"value":1097},[850],"49 43 4f 4e 00 00 00 00 9c 01 00 00 69 63 6c 38  ICON........icl8",{"type":848,"value":1066},{"type":848,"marks":1100,"value":1101},[850],"00 00 00 00 b0 01 00 00 54 49 54 4c 00 00 00 00  ........TITL....",{"type":848,"value":1066},{"type":848,"marks":1104,"value":1105},[850],"c4 01 00 00 43 50 43 32 00 00 00 00 d8 01 00 00  ....CPC2........",{"type":848,"value":1066},{"type":848,"marks":1108,"value":1109},[850],"4c 49 66 70 00 00 00 00 ec 01 00 00 46 50 48 62  LIfp........FPHb",{"type":848,"value":1066},{"type":848,"marks":1112,"value":1113},[850],"00 00 00 00 00 02 00 00 46 50 53 45 00 00 00 00  ........FPSE....",{"type":848,"value":1066},{"type":848,"marks":1116,"value":1117},[850],"14 02 00 00 56 50 44 50 00 00 00 00 28 02 00 00  ....VPDP....(...",{"type":848,"value":1066},{"type":848,"marks":1120,"value":1121},[850],"4c 49 62 64 00 00 00 00 3c 02 00 00 42 44 48 62  LIbd....\u003C...BDHb",{"type":848,"value":1066},{"type":848,"marks":1124,"value":1125},[850],"00 00 00 00 50 02 00 00 42 44 53 45 00 00 00 00  ....P...BDSE....",{"type":848,"value":1066},{"type":848,"marks":1128,"value":1129},[850],"64 02 00 00 56 49 54 53 00 00 00 00 78 02 00 00  d...VITS....x...",{"type":848,"value":1066},{"type":848,"marks":1132,"value":1133},[850],"44 54 48 50 00 00 00 00 8c 02 00 00 4d 55 49 44  DTHP........MUID",{"type":848,"value":1066},{"type":848,"marks":1136,"value":1137},[850],"00 00 00 00 a0 02 00 00 48 49 53 54 00 00 00 00  ........HIST....",{"type":848,"value":1066},{"type":848,"marks":1140,"value":1141},[850],"b4 02 00 00 50 52 54 20 00 00 00 00 c8 02 00 00  ....PRT ........",{"type":848,"value":1066},{"type":848,"marks":1144,"value":1145},[850],"56 43 54 50 00 00 00 00 dc 02 00 00 46 54 41 42  VCTP........FTAB",{"type":848,"value":1066},{"type":848,"marks":1148,"value":1149},[850],"00 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1152,"value":1153},[850],"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1156,"value":1157},[850],"ff ff ff ff 00 00 00 00 a4 00 00 00 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1160,"value":1161},[850],"04 00 00 00 ff ff ff ff 00 00 00 00 b8 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1164,"value":1165},[850],"00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1168,"value":1169},[850],"c8 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  ................",{"type":848,"value":1066},{"type":848,"marks":1172,"value":1173},[850],"00 00 00 00 d0 00 00 00 00 00 00 00 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1176,"value":1177},[850],"ff ff ff ff 00 00 00 00 84 01 00 00 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1180,"value":1181},[850],"00 00 00 00 ff ff ff ff 00 00 00 00 b8 01 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1184,"value":1165},[850],{"type":848,"value":1066},{"type":848,"marks":1187,"value":1188},[850],"3c 02 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  \u003C...............",{"type":848,"value":1066},{"type":848,"marks":1191,"value":1192},[850],"00 00 00 00 40 06 00 00 00 00 00 00 00 00 00 00  ....@...........",{"type":848,"value":1066},{"type":848,"marks":1195,"value":1196},[850],"ff ff ff ff 00 00 00 00 5c 06 00 00 00 00 00 00  ........\\.......",{"type":848,"value":1066},{"type":848,"marks":1199,"value":1200},[850],"00 00 00 00 ff ff ff ff 00 00 00 00 64 06 00 00  ............d...",{"type":848,"value":1066},{"type":848,"marks":1203,"value":1165},[850],{"type":848,"value":1066},{"type":848,"marks":1206,"value":1207},[850],"74 06 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  t...............",{"type":848,"value":1066},{"type":848,"marks":1210,"value":1211},[850],"00 00 00 00 50 09 00 00 00 00 00 00 00 00 00 00  ....P...........",{"type":848,"value":1066},{"type":848,"marks":1214,"value":1215},[850],"ff ff ff ff 00 00 00 00 58 09 00 00 00 00 00 00  ........X.......",{"type":848,"value":1066},{"type":848,"marks":1218,"value":1219},[850],"00 00 00 00 ff ff ff ff 00 00 00 00 60 09 00 00  ............`...",{"type":848,"value":1066},{"type":848,"marks":1222,"value":1165},[850],{"type":848,"value":1066},{"type":848,"marks":1225,"value":1226},[850],"84 0a 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  ................",{"type":848,"value":1066},{"type":848,"marks":1229,"value":1230},[850],"00 00 00 00 08 24 00 00 00 00 00 00 00 00 00 00  .....$..........",{"type":848,"value":1066},{"type":848,"marks":1233,"value":1234},[850],"ff ff ff ff 00 00 00 00 10 24 00 00 00 00 00 00  .........$......",{"type":848,"value":1066},{"type":848,"marks":1237,"value":1238},[850],"00 00 00 00 ff ff ff ff 00 00 00 00 9c 24 00 00  .............$..",{"type":848,"value":1066},{"type":848,"marks":1241,"value":1165},[850],{"type":848,"value":1066},{"type":848,"marks":1244,"value":1245},[850],"a4 24 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  .$..............",{"type":848,"value":1066},{"type":848,"marks":1248,"value":1249},[850],"00 00 00 00 ac 24 00 00 00 00 00 00 00 00 00 00  .....$..........",{"type":848,"value":1066},{"type":848,"marks":1252,"value":1253},[850],"ff ff ff ff 00 00 00 00 d8 24 00 00 00 00 00 00  .........$......",{"type":848,"value":1066},{"type":848,"marks":1256,"value":1257},[850],"00 00 00 00 ff ff ff ff 00 00 00 00 5c 25 00 00  ............\\%..",{"type":848,"value":1066},{"type":848,"marks":1260,"value":1261},[850],"00 00 00 00 80 00 00 00 ff ff ff ff 00 00 00 00  ................",{"type":848,"value":1066},{"type":848,"marks":1264,"value":1265},[850],"38 28 00 00 00 00 00 00                          8(......",{"type":848,"value":1267},"\n\n\nThe structure begins with a 30h-byte header (purple), followed by a DWORD structure length (blue), which is the size of the entire structure as shown - in our case 338h. After that, a DWORD handle count (green), 17h, tells us that there are 23 handles in the handle array that follows (red). Each handle consists of three DWORDs: some seemingly user-readable keyword, count of handle's objects (subtracted by 1, so 0 means 1 object), and the offset of its first object; the offset is meant from the handle count (green). Finally, the rest of the structure is object data area (black). Each object takes 20 bytes, and if a handle has ",{"type":848,"marks":1269,"value":1270},[867],"n",{"type":848,"value":1272}," objects, they take ",{"type":848,"marks":1274,"value":1270},[867],{"type":848,"value":1276}," * 20 consecutive bytes at the specified offset.\n\nClearly, a valid RSRC structure would have all handles' objects located neatly inside the object data area. But a malformed RSRC structure can specify an arbitrary offset, and thus tamper with chosen memory locations.\n\n\n",{"type":848,"marks":1278,"value":1279},[850],"Patching",{"type":848,"value":1281},"\n\nOur goal at this point was to add the missing sanity check to the original code: we should not allow accessing any object data outside the object data area.\n\nWe needed to find a good location for injecting the patch, and we chose one right after a handle's offset is obtained, at which point we had all information available to implement the sanitiy check. The following image shows the location of our patch.\n\n\n",{"item":823,"type":1001},{"type":845,"children":1284},[1285],{"type":848,"value":1286}," \n\nWe have the following information available at the patch injection point:\n",{"type":1288,"style":1289,"children":1290},"list","numbered",[1291,1298,1304],{"type":1292,"children":1293},"listItem",[1294],{"type":845,"children":1295},[1296],{"type":848,"value":1297},"esi holds the offset of the current handle's first object",{"type":1292,"children":1299},[1300],{"type":845,"children":1301},[1302],{"type":848,"value":1303},"dword [ebp+10h] holds the number of objects for this handle (reduced by 1)",{"type":1292,"children":1305},[1306],{"type":845,"children":1307},[1308],{"type":848,"value":1309},"dword [ebp-4] holds the address of the handle count value, which is right next to the structure length value in memory.",{"type":845,"children":1311},[1312],{"type":848,"value":1313},"The existing sanitization code exits the function with return value 6 (in eax) when the existing sanity checks fail, indicating to the caller that the structure is invalid. When this happens, LabVIEW tells the user that the file is invalid. We decided to do the same in our sanity check. \n\nIn pseudo-code, this is what we needed to do:\n\n",{"type":1288,"style":1289,"children":1315},[1316,1322,1328,1334,1340,1346,1352],{"type":1292,"children":1317},[1318],{"type":845,"children":1319},[1320],{"type":848,"value":1321},"if offset of the current handle is negative or ridiculously large, we return with error 6",{"type":1292,"children":1323},[1324],{"type":845,"children":1325},[1326],{"type":848,"value":1327},"if the number of objects for the current handle is negative or ridiculously large, we return with error 6",{"type":1292,"children":1329},[1330],{"type":845,"children":1331},[1332],{"type":848,"value":1333},"multiply the number of objects with 20 to get the size of the object array ",{"type":1292,"children":1335},[1336],{"type":845,"children":1337},[1338],{"type":848,"value":1339},"add offset to the size of object array to get the offset immediately after the array",{"type":1292,"children":1341},[1342],{"type":845,"children":1343},[1344],{"type":848,"value":1345},"calculate the maximum allowed offset by subtracting 34h (offset of handle count) from the structure length",{"type":1292,"children":1347},[1348],{"type":845,"children":1349},[1350],{"type":848,"value":1351},"if the last byte of object array is beyond the maximum allowed offset, return with error 6 ",{"type":1292,"children":1353},[1354],{"type":845,"children":1355},[1356],{"type":848,"value":1357},"Otherwise continue",{"type":845,"children":1359},[1360,1362,1366],{"type":848,"value":1361},"\nThis is the source code of the actual patch:\n\n",{"type":848,"marks":1363,"value":1365},[1364],"code","MODULE_PATH \"C:\\Program Files (x86)\\National Instruments\\LabVIEW 2017\\resource\\mgcore_SH_17_0.dll\"\nPATCH_ID 276\nPATCH_FORMAT_VER 2\nVULN_ID 2892\nPLATFORM win32\n\n\npatchlet_start\n PATCHLET_ID 1\n PATCHLET_TYPE 2\n\n PATCHLET_OFFSET 0x30c94\n N_ORIGINALBYTES 5\n\n PIT mgcore_SH_17_0!0x30c09\n\n code_start\n\n    ; esi is offset of the handle's object data\n    test esi, 0FFF00000h   ; is offset negative or too huge?\n    jnz error             ; if so, exit with error\n\n    mov eax, dword [ebp+10h] ; eax = number of objects in this handle (-1)\n    inc eax                  ; eax = actual number of objects in this handle\n    test eax, 0FFF00000h     ; is number of objects negative or too huge?\n    jnz error\n\n    imul eax, 14h         ; size of object data for this handle\n                          ; (1 object is 14h bytes)\n    add eax, esi          ; eax = offset right after this handle's \n                          ; last object\n\n    mov edx, dword [ebp-4] ; stored address of handles_num\n    mov edx, [edx-4]      ; structure length is stored right before\n                          ; handles_num\n    sub edx, 34h          ; edx is the maximum allowed offset\n    cmp eax, edx          ; are we out of bounds?\n    jg error              ; if so, exit with error\n\n    jmp continue\n\n error:\n    call PIT_ExploitBlocked\n    jmp PIT_0x30c09       ; jmp to epilogue with error code 6\n\n continue:\n\n code_end\npatchlet_end",{"type":848,"value":1367},"\n\n\nOur micropatch has been published and distributed to all installed 0patch Agents yesterday (two days after Talos published vulnerability details), and you can see it in action in this video.\n\n",{"item":827,"type":1001},{"type":845,"children":1370},[1371,1374,1376,1379,1381,1388,1390,1396,1398,1405,1406],{"type":848,"marks":1372,"value":1373},[850],"The benefits of micropatching",{"type":848,"value":1375},"\n\nThis story is a common one: a software vendor creates a product, many users use it, then someone finds a vulnerability. The vendor is notified but it's expensive for them to create and distribute a patch outside their schedule. Even with an updating mechanism in place, the so-called \"fat updates\" (updates that replace huge chunks of the product) are risky; many things can go wrong and expensive full-blown testing has to be done. And then the update has to be delivered to users, who have to waste their precious time with updating. And all that just for a single vulnerability? Understandably, vendors are inclined to try postponing such unwanted updates and bundle them with scheduled ones, often buying their time by downplaying the issue. When that happens, the security community likes to drop the details (",{"type":848,"marks":1377,"value":1378},[867],"\"hey, if the vendor says it's not an issue, there's no harm in publishing\"",{"type":848,"value":1380},"), and that usually pushes the vendor to issue a fix after all. They do it under pressure, and the risk of error is higher than usual. Finally, since un-updating is not really a thing, a botched fix could mean a nightmare for users to just get back to the vulnerable functional state.\n\nIn contrast, in-memory micropatching can fix a vulnerability with minimal and extremely controlled code modification (usually a dozen or so machine instructions) with no unwanted side effects. In addition, a micropatch can be applied to a product instantly, while the product is running, and just as instantly removed if suspected to be causing problems. All this allows the testing to be less rigorous, and only focused on the modified code - therefore cheaper.\n\nNow imagine National Instruments had micropatching integrated in LabVIEW. It would be inexpensive to create and distribute a highly reliable micropatch for a vulnerability like this - especially with their intimate knowledge of the product -, and they could stay on their original release schedule while users would get their LabVIEW installations micropatched without even knowing it. No PR mess, no unhappy users, and very little disruption of business. What's not to like?\n\nSoftware vendors are welcome to ",{"url":1382,"meta":1383,"type":12,"children":1385},"mailto:support@0patch.com",[1384],{"id":858,"value":859},[1386],{"type":848,"value":1387},"approach us",{"type":848,"value":1389}," about saving money, grief, and their users' time with micropatching.\n\n\nIf you have ",{"url":55,"meta":1391,"type":12,"children":1393},[1392],{"id":858,"value":859},[1394],{"type":848,"value":1395},"0patch Agent",{"type":848,"value":1397}," installed (it's free!), this micropatch is already on your computer and is getting automatically applied whenever you launch LabVIEW 2017. \n\n",{"url":1399,"meta":1400,"type":12,"children":1402},"https://twitter.com/mkolsek",[1401],{"id":858,"value":859},[1403],{"type":848,"value":1404},"@mkolsek",{"type":848,"value":1066},{"url":699,"meta":1407,"type":12,"children":1409},[1408],{"id":858,"value":859},[1410],{"type":848,"value":1411},"@0patch",{"type":845,"children":1413},[1414],{"type":848,"value":40},{"alt":720,"url":798,"width":799,"height":800,"responsiveImage":1416},{"srcSet":1417,"webpSrcSet":1418,"sizes":1419,"src":1420,"width":1421,"height":1422,"aspectRatio":1423,"alt":720,"title":720,"bgColor":806,"base64":807},"https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?auto=compress&crop=focalpoint&dpr=0.25&fit=crop&w=1440 360w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?auto=compress&crop=focalpoint&fit=crop&w=1440 1440w","https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?auto=compress&crop=focalpoint&dpr=0.25&fit=crop&fm=webp&w=1440 360w,https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?auto=compress&crop=focalpoint&fit=crop&fm=webp&w=1440 1440w","(max-width: 1440px) 100vw, 1440px","https://www.datocms-assets.com/166020/1755778219-vi_file_hex.png?auto=compress&crop=focalpoint&fit=crop&w=1440",1440,1427,1.0091100210231254,1780067950162]