Patches

Fixing what’s really important.

The goal of 0patch is not to micropatch every vulnerability but the important ones, such as those exploited in the wild or those without official vendor patches. These are some of our most popular micropatches.

2021-10-11
New

CVE-2021-34480 Microsoft Windows    

Scripting Engine Memory Corruption

2021-09-24
New
Exploited

CVE-2021-40444 Microsoft Windows    

MSHTML Remote Code Execution

2021-08-23
New
Exploited

CVE-2021-33742 Microsoft Windows    

MSHTML Remote Code Execution

2021-08-06
New
0day

CVE-2021-36942 Microsoft Windows PetitPotam  

PetitPotam NTLM Relay Attack

2021-08-05
New
Exploited

CVE-2021-36958 Microsoft Windows    

Malicious printer driver local privilege escalation

2021-08-02
New
Exploited

CVE-2020-0787 Microsoft Windows    

Background Intelligent Transfer Service Elevation of Privilege

2021-07-02
New
Exploited

CVE-2021-34527 Microsoft Windows    

Print Spooler Remote Code Execution

PrintNightmare

2021-06-14

CVE-2021-31959 Internet Explorer    

Scripting Engine Memory Corruption

2021-05-18

CVE-2021-26419 Internet Explorer    

Scripting Engine Memory Corruption

2021-05-06

CVE-2021-26415 Microsoft Windows    

Windows Installer Elevation of Privilege

2021-03-23

CVE-2021-26897 Microsoft Windows Server    

Windows DNS Server SIG Record Buffer Overflow

2021-03-23

CVE-2021-26877 Microsoft Windows Server    

Windows DNS Server TXT Record Out-Of-Bounds Read

2021-02-11
Exploited

CVE-2021-26411 Internet Explorer    

HTML Attribute nodeValue Double Free

2021-02-09

CVE-2020-1030 Microsoft Windows    

Print Spooler Elevation of Privilege

2021-01-28

CVE-2021-1727 Microsoft Windows    

Windows Installer config.msi Local Privilege Escalation

2021-01-07

CVE-2021-1733 Microsoft PsExec    

PsExec Local Privilege Escalation

2020-12-23

CVE-2020-1013 Microsoft Windows    

WSUS Spoofing

2020-12-02

CVE-2020-17001 Microsoft Windows    

Print Spooler Elevation of Privilege

2020-11-25
0day

CVE-2021-27091 Microsoft Windows  

Windows RpcEptMapper and Dnscache Service Insecure Registry Permissions EoP

2020-11-17

CVE-2020-1300 Microsoft Windows    

Cabinet File Directory Traversal RCE

2020-10-27

CVE-2021-1640 Microsoft Windows    

Print Spooler Arbitrary File Creation

2020-10-16

CVE-2020-1062 Microsoft Windows    

JScript Garbage Collection RCE

2020-10-16

CVE-2020-0968 Microsoft Windows    

Scripting Engine Memory Corruption

2020-09-17
Exploited

CVE-2020-1472 Microsoft Windows Zerologon    

Netlogon Elevation of Privilege

2020-09-14
Exploited

CVE-2020-1380 Microsoft Windows    

Scripting Engine Memory Corruption

2020-09-09

CVE-2020-1530 Microsoft Windows    

Remote Access Phonebook Use-After-Free

2020-09-01

CVE-2020-1337 Microsoft Windows    

Elevation of Privilege in Print Spooler

2020-08-11

CVE-2020-1113 Microsoft Windows    

Task Scheduler Security Feature Bypass

2020-07-17

CVE-2020-1350 Microsoft Windows SIGRed    

DNS Server Remote Code Execution

2020-07-16

CVE-2020-0662 Microsoft Windows    

Memory Corruption in DHCP Message Processing

2020-07-09

Unknown CVE Zoom Client for Windows    

Remote Code Execution

2020-06-26

CVE-2020-1299 Microsoft Windows    

LNK Remote Code Execution

2020-06-16

CVE-2020-1281 Microsoft Windows    

OLE Remote Code Execution

2020-06-09
Exploited

CVE-2017-8570 Microsoft Office    

Microsoft Office Remote Code Execution Vulnerability

2020-05-27

CVE-2020-1015 Microsoft Windows    

User-Mode Power Service Memory Corruption

2020-05-20
Exploited

CVE-2020-1048 Microsoft Windows PrintDemon    

Print Spooler Elevation of Privilege

2020-04-22

CVE-2020-0687 Microsoft Windows    

Microsoft Graphics Remote Code Execution

2020-04-03

CVE-2020-0729 Microsoft Windows    

Microsoft LNK Remote Code Execution

2020-03-26
Exploited

CVE-2020-0938, CVE-2020-1020 Microsoft Windows  

Microsoft Type 1 Font Parsing Remote Code Execution

workaround

2020-03-20

CVE-2020-0668 Microsoft Windows    

Windows Service Tracing Elevation of Privilege

2020-03-19

CVE-2020-0881 Microsoft Windows    

Microsoft GDI+ Remote Code Execution

2020-03-12

CVE-2020-0683 Microsoft Windows    

Microsoft Windows Installer Elevation of Privilege

2020-02-11
Exploited

CVE-2012-0158 Microsoft Office    

MSCOMCTL ActiveX Buffer Overflow

2020-01-28
Exploited

CVE-2017-11774 Microsoft Outlook    

Arbitrary Code Execution Via Home Page

a fix for an old but still exploited vulnerability used by Iranian-sponsored groups

2020-01-20
Exploited

CVE-2020-0674 Internet Explorer  

Scripting Engine Memory Corruption

workaround

2019-12-20
0day

Unkonwn CVE Dropbox  

Updater Arbitrary File Overwrite

2019-11-28
Exploited

CVE-2019-1429 Internet Explorer    

Microsoft Scripting Engine Memory Corruption

2019-11-21

CVE-2019-5047 NitroPDF    

CharProcs Remote Code Execution

2019-10-18

CVE-2019-5048 NitroPDF    

ICCBased Color Space Remote Code Execution

2019-10-15

CVE-2019-5053 NitroPDF    

Stream Length Memory Corruption

2019-10-14

CVE-2019-5050 NitroPDF    

Page Kids Remote Code Execution

2019-05-31

CVE-2019-1069 Microsoft Windows BearLPE    

Local Privilege Escalation in Task Scheduler

2019-05-24
Exploited

CVE-2019-0708 Microsoft Windows BlueKeep    

Remote Code Execution in Remote Desktop Services

2019-04-25

CVE-2017-0176 Microsoft Windows XP/Server 2003 EsteemAudit    

Microsoft Windows XP SP3/Server 2003 SP2 RDP privilege escalation

2019-04-19

Unknown CVE Oracle Java    

Oracle Java RE out-of-bounds read during TTF font rendering in ExtractBitMap_blocClass

2019-04-16

CVE-2019-1054 Microsoft Internet Explorer  

Missing Error Check on Reading Mark-Of-The-Web

Microsoft Edge uses a secret trick and breaks Internet Explorer's security

2019-04-04

Unknown CVE Oracle Java    

Oracle Java RE out-of-bounds read in AlternateSubstitutionSubtable::process

2019-04-04

Unknown CVE Oracle Java    

Oracle Java RE out-of-bounds read in OpenTypeLayoutEngine::adjustGlyphPositions

2019-02-21
Exploited

CVE-2018-20250 RARLAB WinRAR  

WinRAR ACE Path Traversal

2019-02-13
0day

CVE-2018-16858 OpenOffice  

OpenOffice Python Script Handler Directory Traversal

2019-02-13

CVE-2018-16858 LibreOffice  

LibreOffice Python Script Handler Directory Traversal

2019-02-11

CVE-2019-7089 Adobe Acrobat Reader DC  

Adobe Reader Callback Via UNC Path

2019-01-22
0day

No CVE Microsoft Windows  

Microsoft Windows Contacts Arbitrary Code Execution

2019-01-21

CVE-2019-0636 Microsoft Windows readfile  

MsiAdvertiseProduct Unauthorized File Read

2019-01-17
Exploited

CVE-2019-0863 Microsoft Windows AngryPolarBearBug    

Error Reporting Local Privilege Escalation

2018-11-21

CVE-2018-0952 Microsoft Windows  

Microsoft Diagnostic Hub Standard Collector Elevation Of Privilege

2018-10-24

CVE-2018-8584 Microsoft Windows deletebug  

Microsoft Data Sharing Service Arbitrary File Delete

2018-09-21

CVE-2018-8423 Microsoft Windows  

Out-Of-Bounds Write in Microsoft Jet Database Engine

Outrunning Attackers On The Jet Database Engine 0day

2018-09-19

CVE-2017-16720 Advantech WebAccess  

Advantech WebAccess webvrpcs "Draw" Remote Code Execution

2018-09-19

No CVE Advantech WebAccess  

Advantech WebAccess webvrpcs "View" Remote Code Execution

2018-09-10

CVE-2018-8353 Microsoft Windows  

Microsoft Scripting Engine Memory Corruption

2018-09-05

CVE-2018-8440 Microsoft Windows  

Microsoft Windows Task Scheduler ALPC Local Privilege Escalation

Publicly Dropped 0day in Task Scheduler

2018-08-24

CVE-2018-8414 Microsoft Windows  

Microsoft Windows "SettingContent-ms" Remote Code Execution

Initially rejected for patching by Microsoft

2018-08-10

CVE-2018-12815 Adobe Acrobat Reader DC  

Adobe Acrobat Reader DC JSON Stringify Remote Code Execution

2018-08-07

CVE-2018-8242 Microsoft Windows  

Microsoft Scripting Engine Memory Corruption

2018-07-27

CVE-2018-12756 Adobe Acrobat Reader DC  

Adobe Acrobat Reader Use-After-Free memory corruption

2018-05-30

CVE-2017-17557 Foxit Reader  

Foxit Reader Arbitrary Code Execution

2018-05-14
Exploited

CVE-2018-8174 Microsoft Windows  

Microsoft Windows VBScript Engine Remote Code Execution

A micropatch instead of the official update that probably broke your network

2018-03-30
Exploited

CVE-2017-7269 Microsoft Windows Immortal  

Buffer overflow in WebDAV service ScStoragePathFromUrl

Heavily exploited in the wild for 9 months

2018-02-20
Exploited

CVE-2018-0802 Microsoft Windows Office  

Microsoft Office Equation Editor Memory Corruption

The Bug That Killed Equation Editor

2018-02-19
Exploited

CVE-2018-5996 7-Zip  

7-Zip Memory Corruptions via RAR PPMd

2018-02-12

CVE-2018-0798 Microsoft Windows Office  

Microsoft Equation Editor Memory Corruption

Bringing back abandoned MS Equation Editor

2018-02-12

CVE-2017-17969 7-Zip  

7-Zip Heap Buffer Overflow

2017-11-23
Exploited

CVE-2017-11882 Microsoft Windows  

MS Office Equation Editor Memory Corruption

2017-11-09

CVE-2017-11826 Microsoft Windows  

Microsoft Word OOXML Parser Memory Corruption

2017-10-25

No CVE Microsoft Windows  

Microsoft Office DDE/DDEAUTO Remote Code Execution

It's a feature, not a bug

2017-10-04

CVE-2017-4924 VMware Workstation  

VMware Workstation Shader Out-Of-Bounds Write

Micropatching a hypervisor with running virtual machines

2017-10-02

CVE-2017-11281 Adobe Flash Player  

Adobe Flash Player Remote Memory Corruption

2017-09-29

CVE-2017-11282 Adobe Flash Player  

Adobe Flash Player Remote Memory Corruption

2017-09-21

CVE-2017-0022 Microsoft Windows  

Microsoft XML Core Services Information Disclosure

Exploit kit rendezvous

2017-09-07

CVE-2017-8464 Microsoft Windows  

Microsoft LNK Remote Code Execution

The New Stuxnet Windows LNK Vulnerability

2017-09-01

CVE-2017-2779 National Instruments LabVIEW  

LabVIEW RSRC Arbitrary Null Write Code Execution

2017-08-24

CVE-2017-10952 Foxit Reader  

Foxit Reader saveAs Arbitrary File Write

A logical bug patched

2017-07-10

CVE-2017-0283 Microsoft Windows  

Microsoft Windows Uniscribe Remote Code Execution

2017-07-04

CVE-2013-2472 Oracle Java  

Oracle Java ShortComponentRaster.verify() Memory Corruption

2017-05-15

CVE-2017-0290 Microsoft Windows  

Microsoft Malware Protection Engine Type Confusion

Worst windows remote code execution

2017-04-04

CVE-2013-2473 Oracle Java  

Oracle Java Blit function heap buffer overflow

2017-04-04

CVE-2013-2471 Oracle Java  

Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow

2017-04-04

CVE-2013-2470 Oracle Java  

Oracle Java lookupByteBI function heap buffer overflow

2017-03-09

CVE-2017-0037 Microsoft Windows  

Internet Explorer 11 Type confusion in HandleColumnBreakOnColumnSpanningElement

2017-02-28

CVE-2017-0038 Microsoft Windows  

Microsoft Windows gdi32.dll EMF file information disclosure

2016-09-02

No CVE 0patch Agent  

Module loading logical error in 0patch Loader (functional flaw)

Patch to self, functional flaw

2016-07-26

CVE-2016-3740 Foxit Reader  

Foxit Reader ConvertToPDF TIFF SamplesPerPixel Parsing Heap Buffer Overflow

2016-06-17

CVE-2016-1077 Adobe Acrobat Reader DC  

Adobe Acrobat Reader Deflate Use-After-Free

2016-01-26

CVE-2015-6130 Microsoft Windows  

Integer Underflow in Unicode Script Processor

2016-01-19

CVE-2014-6321 Microsoft Windows  

Windows schannel remote code execution (MS14-066)

First micropatch released on Twitter

2015-06-03

CVE-2013-7409 AllPlayer  

AllPlayer 5.8 Buffer Overflow In .M3u File

2015-06-03

CVE-2013-6877 RealPlayer  

RealPlayer 16.0.2.32 Buffer Overflow In .rmp File

2015-05-14

CVE-2011-1260 Microsoft Windows  

Internet Explorer 8 MS11-050 MSHTML use-after-free

2015-05-13

CVE-2011-2371 Mozilla Firefox  

Firefox 3.6.16 ReduceRight() Integer Overflow

2015-03-27

No CVE Foxit Reader  

Foxit Reader 4.1.1 Stack Buffer Overflow

2015-03-04

CVE-2008-2992 Adobe Acrobat Reader  

Adobe util.printf() Buffer Overflow

2015-03-03

CVE-2009-0927 Adobe Acrobat Reader  

Adobe Collab.getIcon() Buffer Overflow

2015-03-02

CVE-2013-2463 Oracle Java  

Oracle Java BytePackedRaster.verify() Signed Integer Overflow

2015-02-26

CVE-2013-2465 Oracle Java  

Oracle Java storeImageArray function heap buffer overflow

2015-02-23

CVE-2014-0160 OpenSSL  

OpenSSL Heartbeat (Heartbleed) Information Leak

Our first public micropatch