Security flaw hits Windows 7! The update is not from Microsoft

It was earlier this year that Microsoft ditched Windows 7 for good. This system lost all essential media and security updates, which kept it second and smooth.

Of course, many have not abandoned this proposal from Microsoft and have been so exposed to everything that came out. One of the most feared situations has now occurred, with a new flaw undiscovered compromising Windows 7.

New flaw in Windows 7

Since the end of support Microsoft is asking users to upgrade, their operating systems. Windows 7 has lost support and is therefore exposed to the vulnerabilities that arise. Microsoft offers updates, but only to companies that have paid for them.

A new flaw has been discovered, seemingly by accident, which leaves this Microsoft system vulnerable and exposed to attack. This was revealed by Clément Labro, a security expert, who detected it when one of his apps encountered problems with the Registry of this version of Windows.

The security issue is serious for users

When using a tool to evaluate privilege configuration issues, it found that 2 registry keys are accessible by any user. While it may seem harmless at first glance, it can be used to load attackers’ DLLs.

By performing this process, which appears to be simple to perform, attackers gain elevated permissions. I am able to increase privileges and thus have full access to Windows 7. Microsoft is not expected to release an update for this problem.

0day in Windows 7 and Server 2008 R2 gets a Micropatch https://t.co/dUi1XQZbqJ pic.twitter.com/RUq9Tt3wJV

– 0patch (@ 0patch) November 25, 2020

There is an update, but it isn’t from Microsoft

The problem had to be discovered, but help came from the 0patch team. He had acted before to secure Windows 7 and this time he did the same again. There is a patch that corrects this problem, although it does bring some problems to these services.

This time, users of the discontinued version of Windows and Windows Server 2008 R2 seem to have the solution to a new security problem. Microsoft maintains its position and has this system discontinued and unsupported, despite the still many millions of users.