This article presents the current status of vulnerabilities affecting Windows 7 and Windows Server 2008 R2 after their end of support on January 14, 2020, as well as the current status of our micropatches issued for these vulnerabilities. Note that in order for us to issue a micropatch for a vulnerability, we must consider it high-risk and have a test case ("POC", proof-of-concept) at hand to be able to reproduce and analyze the issue. Accordingly, only vulnerabilities currently eligible for micropatching are included in the table.
The table below will be continually updated with status changes (e.g., if a vulnerability becomes exploited, if our risk assessment changes, when we issue a micropatch) and new eligible vulnerabilities as we become aware of them either through Microsoft's documentation or other sources (e.g., a vulnerability getting published or privately reported to us).
For any questions please contact support@0patch.com.
| CVE ID | Title | Public | RCE | Exploited | Comment | 0patch status |
| NO CVE / 0day | "InstallerFileTakeOver" Windows Installer Local Privilege Escalation | yes | no | yes | POC published by security researcher |
Micropatch issued on 12/2/2021 for Windows 10 v1803, Windows 10 v1809 (Windows 7 and Server 2008 R2 without ESU are not affected) |
| CVE-2021-24084 | Local Privilege Escalation in Mobile Device Management Service | yes | no | no | POC published by security researcher |
Micropatch issued on 11/26/2021 for Windows 10 v1809 (Windows 7, Windows Server 2008 R2, and Windows 10 v1803 not exploitable) |
| CVE-2021-40469 | Remote Code Execution in DNS Service | yes | yes | no | POC published by security researcher |
Micropatch issued on 11/19/2021 for Windows Server 2008 R2 |
| CVE-2021-34484 | Local Privilege Escalation in User Profile Service | yes | no | no | POC published by security researcher |
Micropatch issued on 11/10/2021 for Windows 10 v1809 (Windows 7, Windows Server 2008 R2, and Windows 10 v1803 likely not exploitable) |
| CVE-2021-34480 | Memory Corruption in Windows Scripting Engine | yes | yes | no | POC published by security researcher |
Micropatch issued on 10/11/2021 for Windows 7, Windows Server 2008 R2, Windows 10 v1803, Windows 10 v1809 |
| CVE-2021-40444 | Windows MSHTML Remote Code Execution | yes | yes | yes | Public exploit available |
Micropatch issued on 9/27/2021 for Windows 10 v1803, Windows 10 v1809 |
| CVE-2021-33742 | Windows MSHTML Remote Code Execution | yes | yes | yes | POC published by security researcher |
Micropatch issued on 8/23/2021 for Windows 10 v1803, Windows 10 v1809 |
| CVE-2021-36942 | "PetitPotam" NTLM Relay Vulnerability | yes | yes | no | POC published by security researcher |
Micropatch issued on 8/6/2021 for Windows Server 2008 R2 |
| N/A (0day) | "Malicious Printer Driver" Vulnerability | yes | yes | no | POC published by security researcher |
Micropatch issued on 8/5/2021 for Windows 7, Server 2008 R2, Windows 10 v1803, Windows 10 v1809 |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service Elevation of Privilege | yes | no | yes | POC published by security researcher |
Micropatch issued on 8/2/2021 for Windows 7 and Server 2008 R2 |
| CVE-2021-34527 | "PrintNightmare" Print Spooler Remote Code Execution | yes | yes | yes | POC published by security researcher |
Micropatch issued on 7/2/2021 for Windows 7, Server 2008 R2, Windows 10 v1803, Windows 10 v1809 |
| CVE-2021-31959 | Remote Code Execution Issue in Internet Explorer | yes | yes | no | POC published by security researcher |
Micropatch issued on 6/14/2021 for Windows 7, Server 2008 R2, Windows 10 v1803, Windows 10 v1809 |
| CVE-2021-26419 | Remote Code Execution Issue in Internet Explorer | yes | yes | no | POC published by security researcher |
Micropatch issued on 5/18/2021 for Windows 7 and Server 2008 R2 |
| CVE-2021-26415 | Windows Installer Local Privilege Escalation | yes | no | no | POC published by security researcher | Micropatch issued on 5/6/2021 for Windows 7 and Server 2008 R2 |
| CVE-2021-26897 | Windows DNS Server SIG Record Buffer Overflow | yes | yes | no | POC recreated from public data |
Micropatch issued on 3/23/2020 for Windows Server 2008 R2 (Windows 7 is not affected) |
| CVE-2021-26877 | Windows DNS Server TXT Record Out-Of-Bounds Read | yes | yes | no | POC recreated from public data |
Micropatch issued on 3/23/2021 for Windows Server 2008 R2 (Windows 7 is not affected) |
| CVE-2021-26411 | Internet Explorer HTML Attribute nodeValue Double Free | yes | yes | yes | POC published by security researchers, exploited in an attack campaign against security researchers |
Micropatch issued on 2/11/2021 for Windows 7 and Server 2008 R2 |
| CVE-2020-1030 | Windows Print Spooler Elevation of Privilege | yes | no | no | POC published by security researcher | Micropatch issued on 2/9/2021 for Windows 7 and Server 2008 R2 |
| CVE-2021-1727 | Windows Installer Local Privilege Escalation | yes | no | no | POC published by security researcher | Micropatch issued on 1/28/2021 for Windows 7 and Server 2008 R2 |
| CVE-2020-1013 | WSUS Spoofing Local Privilege Escalation | yes | no | no | POC published by security researcher | Micropatch issued on 12/23/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-17001 | Windows Print Spooler Elevation of Privilege | yes | no | no | POC published by security researcher | Micropatch issued on 12/2/2020 for Windows 7 and Server 2008 R2 |
| CVE-2021-27091 N/A (0day) |
Windows RpcEptMapper and Dnscache Service Insecure Registry Permissions EoP | yes | no | no | POC published by security researcher. Microsoft fixed the issue for RpcEptMapper (CVE-2021-27091) with April 2021 updates but Dnscache is still affected | Micropatch issued on 11/25/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1300 | Windows Cabinet File Directory Traversal | yes | yes | no | POC published by security researcher |
Micropatch issued on 11/17/2020 for Windows 7 and Server 2008 R2 |
| CVE-2021-1640 | Windows Print Spooler Arbitrary File Creation | no | no | no | Vulnerability discovered by the 0patch team and reported to Microsoft. (Microsoft fixed it after 130+ days.) |
Micropatch issued on 10/27/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0968 | Scripting Engine Memory Corruption | yes | yes | no | POC published by security researcher |
Micropatch issued on 10/16/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1062 | Scripting Engine Memory Corruption | yes | yes | no | POC published by security researcher |
Micropatch issued on 10/16/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1472 | Microsoft Netlogon Elevation of Privilege ("Zerologon") | yes | no | yes | POC published by security researchers, exploited in various ransomware campaigns |
Micropatch issued on 9/17/2020 for Windows Server 2008 R2 |
| CVE-2020-1380 | Scripting Engine Memory Corruption | yes | yes | yes | POC published by security researchers, exploited in Operation PowerFall |
Micropatch issued on 9/14/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1530 | Windows Remote Access Phonebook Use-After-Free | yes | yes | no | POC published by security researcher |
Micropatch issued on 9/9/2020 for Windows 7 and Server 2008 R2 (Note that the vulnerability exists in two places, each in its own DLLs, which is why each Windows platform has two micropatches.) |
| CVE-2020-1337 | Windows Print Spooler Elevation of Privilege Vulnerability | yes | no | no | POC published by security researcher | Micropatch issued on 9/1/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass | yes | yes | no | POC published by security researcher | Micropatch issued on 8/11/2020 for Windows Server 2008 R2 |
| CVE-2020-1350 | Windows DNS Server Remote Code Execution VulnerabilityWindows DNS Server Remote Code Execution Vulnerability | yes | yes | no | POC published by security researcher | Micropatch issued on 7/17/2020 for Windows Server 2008 R2 |
| CVE-2020-0662 | Memory Corruption in Windows DHCP Message Processing | yes | yes | no | POC published by security researcher | Micropatch issued on 7/16/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1299 | LNK Remote Code Execution Vulnerability | no | yes | no | POC provided by security researcher | Micropatch issued on 6/26/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1281 | OLE Remote Code Execution Vulnerability | yes | yes | no | POC published by researcher | Micropatch issued on 6/16/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1015 | User-Mode Power Service Memory Corruption | yes | no | no | POC published by researcher | Micropatch issued on 5/27/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1048 | Print Spooler Elevation of Privilege ("PrintDemon") | yes | no | yes | POC published by researcher | Micropatch issued on 5/20/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability | no | yes | no | POC provided by security researcher | Micropatch issued on 4/22/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0729 | LNK Remote Code Execution Vulnerability | yes | yes | no | User must be tricked into opening a folder under attacker's control (e.g., from a remote share or a USB key). Stuxnet exploited a similar vulnerability. | Micropatch issued on 4/3/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0938, CVE-2020-1020 | Type 1 Font Parsing Remote Code Execution Vulnerability | no | yes | yes | Initially a 0day, fixed by Microsoft with April 2020 updates. | Micropatch issued on 3/27/2020 for Windows 7 and Server 2008 R2 - this micropatch prevents the processing of Type 1 PostScript fonts |
| CVE-2020-0668 | Windows Service Tracing Elevation of Privilege Vulnerability | yes | no | no | POC published by researcher | Micropatch issued on 3/20/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability | no | yes | no | POC obtained | Micropatch issued on 3/19/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability | yes | no | no | POC published by researcher | Micropatch issued on 3/12/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability | yes | yes | yes | Found exploited in the wild in limited attacks; vendor initially provided a workaround; we created a micropatch to implement the same workaround without side effects; |
Micropatch issued on 2/19/2020 for Windows 7 / Server 2008 R2, and previous "temporary workaround" micropatch (402) revoked for these platforms Micropatch issued on 2/21/2020 for Windows 10 v1903/v1909 and previous "temporary workaround" micropatch (407) revoked for these platforms Note: this micropatch modifies the behavior of JScript function sort such that calling it with a callback function will behave as if it was called without one (i.e., sort will always perform a string-based sort). We assess this will affect a small number of applications, and not in a critical way. ("Temporary workaround" micropatches 403, 404, 405, 407 remain in place for other platforms.) |
2 Comments