Windows 7 and Server Zero-Day Accidentally Discovered

French security researcher Clement Labro discovered a vulnerability in the Windows 7 and Windows Server 2008 R2 operating systems while working on a security tool, ZDNet reported. The bugs exist in two registry keys that come with every Windows installation.

According to Labro, an attacker can modify these keys to activate a Performance subkey, which would allow them to load malicious DLLs.


The registry keys involved belong to the RPC Endpoint Mapper and DNSCache services, both found under HKLM\SYSTEM\CurrentControlSet\Services.


Labro clarified that current versions of Windows have placed restrictions and privilege limitations on the systems. However, Windows 7 and Windows Server 2008 systems still allow the loading of custom DLLs that run with SYSTEM-level permissions.
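A defender can check a host for the condition described above with a read-only audit of the two service keys. This is an added example, not code from Labro's tool or from the article; it assumes the keys are named RpcEptMapper and Dnscache (the services' short names, which the article does not spell out) and that only the listed SIDs should hold write access on a stock install.

```powershell
# Added example: read-only audit of the two service keys named in the article.
# Assumption: RpcEptMapper and Dnscache are the services' short key names.
$base     = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$services = 'RpcEptMapper', 'Dnscache'

# SetValue (0x2), CreateSubKey (0x4), GENERIC_WRITE, GENERIC_ALL
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

# SIDs expected to hold write access (assumption: stock install):
# SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$sidType = [System.Security.Principal.SecurityIdentifier]

function New-Finding($Key, $Finding, $Detail) {
    New-Object PSObject -Property @{ Key = $Key; Finding = $Finding; Detail = $Detail }
}

foreach ($svc in $services) {
    $path = Join-Path $base $svc
    if (-not (Test-Path $path)) { Write-Warning "$path not found"; continue }

    # 1. Allow-ACEs that let an unexpected principal create subkeys or set values.
    $rules = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and
            ([int]$r.RegistryRights -band $writeMask) -ne 0 -and
            $trusted -notcontains $sid) {
            New-Finding $path 'Write access for unexpected principal' "$sid : $($r.RegistryRights)"
        }
    }

    # 2. A Performance subkey under these services is worth reviewing; list its values.
    $perf = Join-Path $path 'Performance'
    if (Test-Path $perf) {
        $k = Get-Item -Path $perf
        $vals = $k.GetValueNames() | ForEach-Object { '{0}={1}' -f $_, $k.GetValue($_) }
        New-Finding $perf 'Performance subkey present' ($vals -join '; ')
    }
}
```

Each finding is a lead for manual review, not proof of compromise; the script avoids PowerShell 3.0+ syntax so it runs on the PowerShell 2.0 shipped with Windows 7.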

The researcher detected and publicized the vulnerability accidentally while working on a Windows security tool called PrivescCheck, which is used to find security misconfigurations. Released last month, this tool can be used to prevent privilege escalation by malware.

When run, the tool was able to detect the zero-day vulnerability, which Labro was not aware of before releasing it. He discovered the bug only after looking into specific security alerts brought up by the tool.

According to TechRadar, Labro said, “I don’t know how this vulnerability has gone unnoticed for so long… Regarding the ‘misconfiguration’ itself, I would assume that the registry key was set this way for a specific purpose.”

Both Windows operating systems have reached end-of-life status, which means that Microsoft no longer provides free security support, but it still offers patches through its paid Extended Security Updates (ESU) program, which costs $25 and $200.

The company has yet to release an official fix, and it is unclear whether it will do so. Companies are usually alerted in private, which did not happen in this case because the researcher released the tool before finding out about the specific vulnerability.

Digital security research lab ACROS Security developed and released a micro-patch, which can be installed using the lab’s 0patch software. The patch will prevent hackers from exploiting the flaw.

TechRadar noted that 0patch will serve as a temporary fix until Microsoft releases a fix through the ESU program.

Through its blog post, ACROS said, “According to our guidelines, this micro-patch is free for everyone until Microsoft issues an official fix for it (presumably only as part of Extended Security Updates).”

Moreover, the post remarked that the micro-patch has been distributed to all 0patch Agents that are online. It is also automatically applied to all available systems.
