Researcher accidentally found 0-day bug in Windows 7 and Windows Server 2008

Vladimir Krasnogolovy
Vladimir Krasnogolovy
3 Min Read
0-day bug in Windows 7

French cybersecurity researcher Clément Labro was working on a security tool when he discovered that Windows 7 and Windows Server 2008 R2 were vulnerable to a 0-day local privilege escalation bug.

The expert writes that the vulnerability lies in two incorrectly configured registry keys for RPC Endpoint Mapper and DNSCache, which are part of all Windows installations:

  • HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
  • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache

For example, an attacker who has already entered the system can change these keys in such a way as to activate the subkey that is used for Windows Performance Monitoring.

This mechanism is used to monitor the performance of applications, and also allows developers to load their own DLL files to track their performance using special tools.

Although the latest versions of Windows typically load DLLs with limited privileges, Windows 7 and Windows Server 2008 can still load custom DLLs that will eventually run with SYSTEM privileges.writes Clément Labro.

Most researchers privately report serious security issues to Microsoft as soon as they were discovered, but in Labro’s case, it was too late. The fact is that the researcher found the problem after he released an update for his PrivescCheck tool, which is used to identify incorrect Windows security settings (they can be abused by malware to elevate privileges).

Thus, a new set of checks for privilege escalation methods has been added to the PrivescCheck update. Labro writes that he did not realize at the time that these checks reveal a new, unpatched way of elevating privileges.

After a few days after the release I started analysing the strange warnings that appeared on older systems such as Windows 7. Unfortunately, it was too late at that time to report the issue privately, so I just disclosed the details of the vulnerability I found on my blog.said Clément Labro.

Since support for Windows 7 and Windows Server 2008 R2 has long been discontinued, Microsoft has mostly stopped releasing security updates for these operating systems. Some updates are still available for Windows 7 users through the paid ESU (Extended Support Updates) program, but any fixes for the problem Labro found there either.

So far, only an unofficial micropatch from Acros Security, which develops 0pach, is available for users of older operating systems. Let me remind you that 0patch is a platform designed just for such situations, as fixing 0-day and other unpatched vulnerabilities, to support products that are no longer supported by manufacturers, custom software, and so on.

You Might Also Like

Number of linked with WhatsApp phishing URLs increased by 13 467%

Integris Health Hacked, Patients Receive Ransom Emails

LockBit Leader Identity Revealed, NCA Publishes More Data

Attackers can use Windows Update client to execute malicious code

Trigona Ransomware Hacked by Ukrainian Cyber Alliance

TAGGED:
Share This Article
By Vladimir Krasnogolovy
Follow:
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Previous Article NATO experimented with deceptive techniques NATO experimented with deceptive techniques to combat Russian hackers
Next Article e-commerce sites over WordPress sites Hackers create scam e-commerce sites over hacked WordPress sites
Leave a comment

Stay Connected

Latest News

"Verify you are human" scam website explained
Verify you are Human Scam
Security News Tips & Tricks
Palo Alto Network Expedition Tool Exploited
Palo Alto Network Expedition Tool Exploited, CISA Warns
Security News
Exploiting AI for Voice-Based Scams
GPT-4o Used for Scams and Voice Phishing
Security News
Is UC Browser credible and safe?
UC Browser – Is it Legit? Analysis & Verdict
Cybersecurity Labs Security News