0patch

@[email protected]
849 Followers
371 Following
202 Posts
Critical security patches for Windows, https://0patch.com
Web sitehttps://0patch.com
Twitterhttps://twitter.com/0patch
Searchtfr
Show thread0patch20h ago
We'd like to thank SSD Secure Disclosure (@securiteam_ssd) for discovering this vulnerability and publishing their analysis, which allowed us to create a patch and protect 0patch users against this issue.
0patch20h ago
Micropatches released for Desktop Windows Manager Elevation of Privilege Vulnerability (CVE-2025-55681)
https://blog.0patch.com/2026/03/micropatches-released-for-desktop.html
Show thread0patch5d ago

Patches were written for:
- Microsoft Office 2016 and 2019 click-to-run with all available updates (version 2508, build 19127.20302)
- Microsoft Office 2010 and 2013 with all available updates

Office 2016 and 2019 volume license received an official patch from Microsoft.

We'd like to thank Alberto Bruscino (https://x.com/ErPaciocco) for sharing vulnerability details and POC, which allowed us to create a patch for this issue and protect our users.

Alberto Bruscino (@ErPaciocco) on X

CyberSecurity Researcher 👨🏻‍💻 Where the true research begins...

X (formerly Twitter)
0patch5d ago
Micropatches released for Microsoft Access Remote Code Execution Vulnerability (CVE-2025-62552)
https://blog.0patch.com/2026/03/micropatches-released-for-microsoft.html
Show thread0patchFeb 11
We'd like to thank Đào Tuấn Linh (@tuan_linh_98) and Chen Le Qi (@cplearns2h4ck) of Starlabs (https://starlabs.sg/) for discovering this vulnerability and publishing their analysis, which allowed us to create a patch and protect 0patch users against this issue.
STAR Labs

STAR Labs

STAR Labs
0patchFeb 11
Micropatches released for Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)
https://blog.0patch.com/2026/02/micropatches-released-for-windows.html
0patchFeb 10
Show threadmkolsekFeb 10
The 0day thus became CVE-2026-21525
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525
Security Update Guide - Microsoft Security Response Center

0patchFeb 10
Show threadmkolsekFeb 10
With February 10, 2026 Windows Updates, Microsoft patched this vulnerability on still-supported affected Windows versions. By that time, @0patch users on both supported and legacy Windows versions have had this vulnerability already patched for 60 days.
Show thread0patchFeb 3
We'd like to thank Quan Jin (@jq0904
) with DBAPPSecurity (https://dbappsecurity.com
) for sharing vulnerability details and POC, which allowed us to create a patch for this issue and protect our users.
Show thread0patchFeb 3

The attacker would have to convince the user to open their malicious Excel document. Upon opening the document, Excel complains that the document was damaged and offers to recover it; choosing "Yes" to start the recovery process leads to the vulnerability being triggered.

Among our security-adopted (https://support.0patch.com/hc/en-us/artic
les/4403751356050-Which-Windows-products-has-0patch-security-adopted
) Office versions, we found this vulnerability to affect not only Office 2016 and 2019 click-to-run, but also Office 2013. Office 2010 is not affected.