A French security researcher accidentally discovered a vulnerability zero days It affects the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.
The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations, ZDNet reports citing the French IT security specialist Clement Labro, according to a work published by Sputnik.
Labro claims that an attacker who has a foothold in vulnerable systems can modify these registry keys to activate a subkey normally used by the Windows performance monitoring mechanism.
Performance subkeys are often used to monitor the performance of an application and, thanks to their function, they also allow developers to upload their own dll file to monitor performance using custom tools.
It clarifies that compromised components cannot harm users of new versions of the operating system, but in Windows 7 and Windows Server 2008 they have no limited privileges. The expert described the problem as a zero-day vulnerability, that is, a malicious system that still lacks security mechanisms against them. Labro stressed that he found the vulnerability by accident.
The expert briefed Microsoft engineers and also posted information about the problem on its website. The ZDNet editorial team reached out to company representatives for comment but received no response.