Zero Day vulnerability discovered in Windows 7 by mistake




A French security researcher accidentally discovered a zero-day vulnerability that affects the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.

A Zero Day Vulnerability in Windows 7 needs to be addressed

The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services, which are part of all Windows installations.

  • HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
  • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache

The French security researcher Clement Labro was the one who discovered the vulnerability in Windows 7. He says that an attacker who has a foothold on a vulnerable system can modify these registry keys to activate a subkey generally used by the Windows performance monitoring mechanism.

The “Performance” subkeys are often used to monitor the performance of an application. Because of their role, they also allow developers to load their own DLL files in order to monitor performance with custom tools.

In recent versions of Windows, these DLLs are often restricted and loaded with limited privileges. Labro said that in Windows 7 and Windows Server 2008 it was still possible to load custom DLLs, and that they ran with SYSTEM-level privileges.
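
The condition described above, low-privileged users being able to create a subkey under these two service keys, can be audited on a single host. The script below is an added example, not code from PrivescCheck or from Labro's write-up; the function name Test-ServiceKeyAcl and the list of SIDs treated as low-privileged are assumptions made for illustration.

```powershell
# Added example (not PrivescCheck code). Written for PowerShell 2.0, the
# version shipped with Windows 7 / Server 2008 R2.
$ServiceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\RpcEptMapper',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache'
)
# Assumption: these well-known SIDs stand for "low-privileged" principals.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# KEY_CREATE_SUB_KEY (0x4) plus GENERIC_ALL and GENERIC_WRITE, which imply it.
$CreateMask  = 0x4 -bor 0x10000000 -bor 0x40000000
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

function Test-ServiceKeyAcl {
    param([string[]]$Path = $ServiceKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) { continue }
        $acl = Get-Acl -Path $key
        foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $LowPrivSids.ContainsKey($sid)) { continue }
            # Inherit-only ACEs apply to child keys, not to this key itself.
            if (([int]$rule.PropagationFlags -band $InheritOnly) -ne 0) { continue }
            if (([int]$rule.RegistryRights -band $CreateMask) -eq 0) { continue }
            New-Object PSObject -Property @{
                Key = $key; Principal = $LowPrivSids[$sid]
                Rights = $rule.RegistryRights
                Finding = 'Low-privileged principal can create subkeys'
            }
        }
        # The article describes a Performance subkey being added; report one if present.
        $perf = Join-Path $key 'Performance'
        if (Test-Path -Path $perf) {
            New-Object PSObject -Property @{
                Key = $perf; Principal = ''; Rights = ''
                Finding = 'Performance subkey present: review its values'
            }
        }
    }
}

Test-ServiceKeyAcl | Format-Table Key, Principal, Rights, Finding -AutoSize
```

An empty result means neither key grants subkey creation to the listed groups and no Performance subkey was found; rights granted to principals outside that list are not evaluated.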

A problem discovered accidentally

Labro said he discovered the vulnerability in Windows 7 after releasing an update to PrivescCheck, a tool that checks for common Windows security misconfigurations that malware can abuse for privilege escalation.

The update, released last month, added support for a new set of checks for privilege escalation techniques.

Labro said he didn’t know the new checks were highlighting a new, unpatched privilege escalation method until he began investigating a series of warnings that appeared on older systems like Windows 7, days after the release.

At that point, it was too late for the researcher to report the problem privately to Microsoft, and he chose to blog about the new method instead.

Both Windows 7 and Windows Server 2008 R2 have officially reached end of life (EOL), and Microsoft has stopped providing free security updates. Some security updates are available to Windows 7 users through the company’s paid support program, Extended Support Updates (ESU), but a patch has not yet been released for this issue.

It is unclear whether Microsoft will patch Labro’s new zero-day; however, ACROS Security has already created a micro-patch, which the company released today. The micro-patch is installed through the company’s 0patch security software and, as an unofficial patch from ACROS, prevents malicious actors from exploiting the bug.
