Dropbox victim of a zero-day vulnerability that puts installations on Windows computers at risk
We are increasingly concerned about the security of our data and about the security offered by the applications and tools we use on our computers. Whether on a PC, on mobile, or on cloud-based platforms, we watch for any threat that may arise in this regard, with Facebook and Twitter as two examples.
It is now Dropbox, the popular application that gives us storage space in the cloud, that has a zero-day vulnerability which has not yet been definitively corrected. The flaw can put Windows computers that use Dropbox at risk, and for now there is only a temporary solution.
No final patch
"The flaw in question allows an attacker access to reserved permissions in the System folder, one of the most sensitive sections of the system. The bug is in the Dropbox Updater (DropboxUpdater), which is installed as a service with two scheduled tasks that run with system permissions and which, in tests carried out by researchers, allows obtaining a command line shell with SYSTEM privileges."
The flaw was reported to the company, Dropbox, in September, within the period indicated for these cases, but after 90 days there is still no solution, or they have not offered it. There is only one statement from Dropbox referring to the problem and notifying that they are working on a solution that should arrive in the coming weeks:
For now there is no official solution from the company, and to remedy the problem, even temporarily, you have to use a workaround via 0Patch. It is a platform that offers micropatches for bugs that have not yet been officially corrected. In the words of Mitja Kolsek, CEO of the company Acros Security
This patch is temporary, as they themselves warn. It fixes only the vulnerable part and makes it unnecessary to restart the computer for it to work. However, this is only a temporary solution until Dropbox releases an update for a flaw that can be used locally but could also allow a chained attack.
Source | BleepingComputer.