Zero-day bug in Windows 7 and Windows Server 2008

A local privilege escalation (LPE) affecting all Windows 7 and Server 2008 R2 devices was fixed today via platform 0patch.

Zero-day affects all devices affected by Microsoft Extended Security Updates (ESU).

 

At present, only small and medium-sized enterprises or organizations with licensing agreements can obtain an ESU license until January 2023.

The LPE vulnerability comes from the incorrect configuration of two service registry keys and allows local attackers to increase their privileges on any fully updated Windows 7 and Server 2008 R2 system.

It was discovered by security researcher Clément Labro, who he published his research earlier this month, stating how insecure rights in registry keys

HKLM \ SYSTEM \ CurrentControlSet \ Services \ Dnscache and HKLM \ SYSTEM \ CurrentControlSet \ Services \ RpcEptMapper

allow intruders to defraud the RPC Endpoint Mapper service to load malicious DLLs.

This allows them to obtain arbitrary code execution within the service Windows Management Instrumentation (WMI) executed with rights LOCAL SYSTEM.

“In short, a local non-administrator user on the computer creates a sub , populates it with some values ​​and turns on performance monitoring, which drives a local system process (WmiPrvSE.exe) to load into the intruder DLL and run code from it, ”says Mitja Kolsek.

Free update for all affected Windows systems

0patch updates are sent through the 0patch platform to Windows clients for real-time security fixes and are applied to current processes without requiring a system reboot.

This micropatch is available to everyone for free until Microsoft releases a formal bug fix and troubleshooting bad registry license.

The micropatch "sabotages the performance monitoring features for the two affected services, Dnsclient and RpcEptMapper," says 0patch.

Below is a video showing how to block it :

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).