Our security patches are not the same as those provided by Microsoft's Extended Security Updates (ESU), most notable differences being:
- In contrast to Microsoft's huge updates that replace hundreds of megabytes of executable files on your computer, our patches are called "micropatches", and comprise just a handful of CPU instructions each.
- Our patches do not get applied to executable files - instead, they get applied only to running processes in memory. This allows us to apply (and un-apply) them without having to restart the computer or even relaunch the applications we're patching. Imagine typing a document in Word and having Word silently patched without any interruption - that is our way of patching.
- Each of our patches addresses a single vulnerability (with a few exceptions), so you can apply/un-apply them individually if you think any of them is causing problems. This is different to Windows Updates where a single functional problem introduced by an update requires you to resurrect all vulnerabilities patched by such update when you uninstall it.
- Our patches get released as quickly as we can release them. Our technology allows us to actually compete with attackers who work around the clock to weaponize exploits and deploy them, and we want users to be able to win that race. Of course, organizations can decide which computers should get our patches applied immediately, and which should require their manual approval.
- Microsoft and 0patch do not patch all the same vulnerabilities:
- Microsoft patches many issues that we don't. Many of their patches fix vulnerabilities that only they (and the researchers who found them) know the details of - and these almost never get exploited. A vulnerability becomes likely-to-be-exploited when it becomes known to attackers, which is most often by a public disclosure, but sometimes also by circulating in more private circles. These are the ones we're fixing.
- 0patch patches vulnerabilities that Microsoft doesn't (at all or at least not quickly enough). Notably, 0patch has patches for all known "coerced authentication" issues that provide attackers and red teams a ubiquitous lateral movement opportunity with exploiting NTLM authentication hashes. This is a big pain point for large organizations which, for various reasons, cannot stop using the NTLM protocol.
In addition, we patch "0day" vulnerabilities when they become known to us; we currently have patches for one important 0day vulnerability that allows any user in a Windows domain to disable Windows Event Logging on any domain computer, but we have previously had many others (that Microsoft eventually patched) and we expect to have many more in the future.
Finally, we also patch "0day" vulnerabilities in non-Microsoft products. Occasionally a vulnerability in such product also needs to be patched when some vulnerable version is widely used, or the vendor doesn't produce a patch in a timely manner. Currently these products include Java runtime, Adobe Reader, Foxit Reader, 7-Zip, WinRAR, Zoom for Windows, Dropbox app, and NitroPDF.
- In order to have our patches downloaded and applied to a computer, 0patch Agent - our lightweight Windows application - has to be installed and linked to your 0patch account.
- In contrast to Microsoft's 3 years of ESU, our patches for Windows 10 22H2 will be provided for at least 5 years - and likely longer if needed.
- Finally, our patches cost 25 EUR or 35 EUR per computer per year (depending on whether you need central management and enterprise features), and the price will not double each year.
Comments
0 comments
Please sign in to leave a comment.