Bug: 0patch Agent outputs "ANOMALY: meaningless REX prefix used" to standard output

Mitja Kolsek -

On some Windows 10 versions (confirmed on v21H1 and v2004), our patches for CVE-2024-29050 (issued on Aug 22, 2024) seem to cause the following string to be written to standard output, which can be seen in the PowerShell console and in Command Line app when an executable is launched that loads crypt32.dll (e.g., certutil.exe):

ANOMALY: use of REX.w is meaningless (default operand size is 64)

We have identified the root cause of this bug and will fix it either in our next agent version or before that with a micropatch. For most users, this message will only be an inconvenience but if it severely affects you, please do the following:

  1. Notify us at support@0patch.com - we'd like to know how serious this issue is for our users and we can help you identify the affected application for option #2 below.
  2. Either: Exclude the affected application from injection as described in article One of my applications is crashing when 0patch Agent is installed
  3. Or: Disable patches for CVE-2024-29050.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.