Test How 0patch Works

Mitja Kolsek -

Follow these instructions to get started with 0patch and see how it works.

 

1) Vulnerable applications and "proof of concept" exploits

  1. Download vulnerable applications and accompanying "proof of concept" exploit files using the provided links, install these apps and test their "proof of concept" exploits:
    1. Adobe Reader 8.0: Launch Adobe Reader and open double-click Poc_ZP-2.pdf or Poc_ZP-4.pdf via File -> Open. Notice that Adobe Reader crashes.
    2. Foxit Reader 4.1.1: Launch Foxit Reader and open Poc_ZP-3.pdf via File -> Open. Notice that Foxit Reader crashes.
    3. Mozilla Firefox 3.6.16: Launch Firefox and open Poc_ZP-6.html via File -> Open. Notice that Firefox crashes.
    4. Foxit Reader 9.0.1 (no download link): Launch Foxit Reader and drop Poc_ZP-322.bmp on it to start conversion to PDF. Notice that Foxit Reader crashes.

 

2) 0patch to the rescue

  1. Obtain a free 0patch user account at https://central.0patch.com/auth/register.
  2. Download 0patch Agent installer.
  3. Install 0patch Agent.
  4. Register your 0patch Agent by signing in to 0patch Console using email and password for your 0patch account.
  5. Read the 0patch Agent user manual (right-click on 0patch tray icon) to learn the basics of using 0patch Agent.
  6. Change the pop-up settings to "Inform me about all patching events" in 0patch console -> Settings.
  7. Launch any one of the vulnerable applications and notice one or more 0patch pop-up messages in the lower right corner of your screen informing you that a patch has been applied to the application.
  8. Open that application's "proof of concept" exploit file and notice that instead of the application crashing, you now see an "Exploit blocked" pop-up message.
  9. Launch 0patch Console, open the "Applications" page, locate the above application in the list and switch its button to "excluded" (red dot) state. Notice that if the application is currently running, one or more "Patch removed" messages appear, informing you that a patch has been removed from the running application.
  10. Re-launch the vulnerable application. Notice the "Application excluded from patching" message and no "Patch applied" messages. Open a "proof of concept" exploit file for that application and notice that it crashes the application.
  11. Use the 0patch Console to un-exclude the application, then click on the application name in the "Applications" page to see the list of patches applied to that application. Click on any of these patches, which opens the "Patches" page with the selected patch displayed in a different color than others. Locate that patch and disable it by switching its button to "disabled" (red dot) state.
  12. Re-launch the vulnerable application. Notice the "Patch disabled" message, informing you that a patch would have been applied but was disabled. Open a "proof of concept" exploit file for that application and notice that it crashes the application.
  13. Finally, use the 0patch Console to un-exclude all applications and enable all patches, then re-test all "proof of concept" exploit files against their vulnerable applications to verify that 0patch is now protecting your applications from attacks against these vulnerabilities.
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.