Settings | Apps | Apps & Features shows my current Office v18.2110.13110.0 app (as well Skype v15.79.95.0, which I’ve never used note that I don’t have Microsoft Teams installed on my computer) was updated via the Microsoft Store on 1 so I assume that Office app update was responsible for the AppBridge.dll file update. TreeSize Free (run as an Administrator with View | Hidden Items enabled in File Explorer) shows my AppBridge.dll file in C:Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub_18.2110.13110.0_圆4_8wekyb3d8bbwe has no version number (as noted in the 0pacth blog) but was updated 1 so I’m guessing I have a patched version. Thanks to the anonymous poster for pointing me to the correct folder that was mentioned at the bottom of the 0patch blog Micropatching “ms-officecmd” Remote Code Execution (No CVE).
DLL file was updated on 1 on my computer at the same time that the Windows AppX Installer v5.0 update was delivered via the Microsoft Store. Unfortunately, I searched C:Windows, C:Program Files and C:Program Data folders and can’t find the AppBridge.dll file mentioned in the 0patch blog, so I’m not sure if that. Is this the same Windows AppX Installer vulnerability described in Tips for the Week – What About the AppX Vulnerability? I checked my AppX Deployment Service today and it’s currently running on my computer and Settings | Apps | Apps & Features | App Installer | Advanced Options shows that my App Installer was updated to v5.0 on 1 (via the Microsoft Store) that patches this Windows AppX Installer vulnerability.Īfter reading that 0patch blog I was left with the impression that I’m fully patched because I received the App Installer update via the Microsoft Store.
This service (AppXSVC) is enabled on Windows 10 by default and gets started when needed… The situation is therefore such that a remote code execution vulnerability with no CVE ID assigned and official fix issued may have remained unfixed on an unknown number of computers worldwide. In this case, the fix was delivered through Windows Store – but only if the AppX Deployment Service was running. “ Having a fix delivered though an alternative mechanism instead of Windows Update is not unprecedented in Windows, but can depend on assumptions that may not always be true. According to the 0patch Blog entry Micropatching “ms-officecmd” Remote Code Execution (No CVE) mentioned in Susan’s Zero Day Still Unpatched: