Another 3rd party patch for the Windows ANI vulnerability

This came from jeremy@x-solve.com:

We have made an emergent patch of 「Microsoft Security Advisory (935423)」. X-Solve is an information security company from Taiwan.
This patch program will install an API-Hooking DLL which protects unsafe API from the 0day exploit.

Please read following texts carefully before your next step. Make sure that you totally understand the related issues and risks or do not use this patch.

This patch is an emergent fix, since Microsoft(C) hasn’t provided an official solution until now. Once you use this patch we will install a file named PatchAni.dll into your system to fix the bugged Windows API. We take a different method with eEye, not just check the path of a file, but analyze the file format and fix the bug at very original source.

Again, this patch is an emergent fix made by X-Solve team, not from Microsoft(C) official site. If you have any other considerations, we do not suggest you to use this software. You still can wait Microsoft(C) to provide an official solution.

Note. It is recommended to remove this patch if Microsoft(C) provides an official solution in the future.

Download the patch for vulnerability#935423 (English Version)

Supported OS:

Windows 2000
Windows XP
Windows 2003

X-Solve Lab, 2007.3.31

More information here.

And in pure coincidence, totally unrelated to the patches from eEye, ZERT and now X-Solve, Microsoft will be releasing the official patch earlier.

I give the “Microsoft Tuesday” initiative another year or so before it collapses under the pressure of 3rd party patches.

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    The zero-day plagues and the tendency to turn to third-party fixes prove beyond any refutation that Microsoft cannot simply postpone patches for immediate threats until the company or its corporate customers deem convenient. In the case of true “zero-day” threats (exploit, malicious activity, no patch), Microsoft has a moral obligation to release patches as soon as feasible, rather than at the earliest convenience — particularly when the difference between the two is so substantial.

    That said, I don’t see why the entire initiative would collapse. Scheduled patch delivery for non-immediate threats is good. What’s more, if an out-of-cycle patch is available, you can choose to deploy the patch immediately or wait for the regularly scheduled deployment timeframe of April 10th, as business priorities dictate.

    I see changes to Patch Tuesday, but more of a “shear” rather than a collapse. It’s entirely likely that the ongoing zero-day epidemic will produce a two-tiered patch release schedule — monthly releases for privately-reported issues, irregular fixes for zero-day bugs. Some customers will not apply the out-of-cycle patches any faster, and that’s okay; they’re not at any greater risk as a result. Others will apply them immediately, and thus, they will be protected.