A security vulnerability was discovered in Windows 7 by mistake

A French security researcher accidentally discovered a vulnerability affecting Windows 7 and Windows Server 2008 R2 while working on an update to a Windows security tool.

The vulnerability lies in two incorrectly configured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.

French security researcher Clément Labro says: An attacker with access to vulnerable systems can modify these registry keys to activate a subkey that is usually used by the Windows monitoring mechanism.

The Performance subkey is usually used to monitor application performance, and because of its role, it also allows developers to load DLL files to track performance using special tools.

Recent versions of Windows usually restrict these DLL libraries and run them with limited privileges.

According to Labro, it is still possible in Windows 7 and Windows Server 2008 to load special DLL libraries that run with system-wide privileges.
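The misconfiguration described above can be audited from the defender's side by reading the access control lists on the two service keys. The PowerShell below is an added example, not code from PrivescCheck or from Labro's blog post. It assumes the services are registered as `RpcEptMapper` and `Dnscache` under the standard services hive (the article names the services but not the paths), and the list of trusted SIDs is this example's own choice.

```powershell
# Added example: flag non-administrative identities that can create subkeys or
# set values on the two service keys, and report whether a Performance subkey exists.
# Assumption: service key names and registry path below are not given in the article.
$serviceNames = 'RpcEptMapper', 'Dnscache'

# Identities expected to hold write access (example's own allow-list).
$trustedSids = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# CreateSubKey and SetValue, plus the raw GENERIC_WRITE / GENERIC_ALL bits.
$writeMask = [int][System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
             [int][System.Security.AccessControl.RegistryRights]::SetValue -bor
             0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

foreach ($name in $serviceNames) {
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $keyPath)) { Write-Warning "$keyPath not found"; continue }

    $hasPerformance = Test-Path "$keyPath\Performance"
    foreach ($rule in (Get-Acl -Path $keyPath).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to child keys, not to this key itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # unresolved identity: report as-is
        }
        if ($trustedSids -contains $sid) { continue }
        New-Object PSObject -Property @{
            Key                     = $keyPath
            Identity                = $rule.IdentityReference.Value
            Rights                  = $rule.RegistryRights
            PerformanceSubkeyExists = $hasPerformance
        }
    }
}
```

Any row in the output is a write grant to an identity outside the allow-list. A `PerformanceSubkeyExists` value of `True` on either service is worth investigating in its own right.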

Most security researchers report serious security issues like these to Microsoft when they find them; however, in Labro's case, it was too late.

Labro said he discovered the vulnerability after he released an update to PrivescCheck, a tool that checks for common Windows security misconfigurations that malware can misuse to escalate privileges.

The PrivescCheck update added support for a new set of checks for privilege escalation techniques.

Labro said: I did not know that the new checks shed light on a new way to escalate privileges until I started the investigation with a series of alerts that appeared across old systems, such as Windows 7, days after the tool update was released.

By that time, it was too late for the researcher to report the problem to Microsoft, and he opted instead to blog about the new method on his personal website.

Windows 7 and Windows Server 2008 R2 have officially reached end of life, and Microsoft has stopped providing free security updates.

Some security updates are available for Windows 7 users through the paid support program called Extended Support Updates (ESU), but a fix for this issue has not yet been released.

It is not clear whether Microsoft will fix the new vulnerability.