A security vulnerability is incorrectly detected in Windows 7 |
A French security researcher accidentally discovered a vulnerability affecting Windows 7 and Windows Server 2008 R2 while investigating updates to Windows Security Tools.
The vulnerability is in two misconfigured registry entries for the RPC Endpoint Mapper and the DNSCache service on all Windows installations.
French security researcher Clément Labro said: Attackers who gain access to vulnerable systems can modify these registry keys to activate subkeys commonly used by Windows performance monitoring mechanisms.
Performance subelements are often used to monitor application performance. Because of their role, developers can also download DLL files to track performance with specialized tools.
In modern versions of Windows, these DLL libraries are usually limited and only have limited permissions.
Windows 7 and Windows Server 2008 still allow you to download special DLL libraries that use system-level permissions, Labro said.
Most security researchers will report similar serious security concerns to Microsoft when they discover security issues. However, it was too late for Labro.
Labro detects the vulnerability after releasing an update for PrivescCheck to check for common Windows security configuration errors that malware can misuse to lift permissions.
PrivescCheck update provides support for a number of new checks to augment credit technology.
I am not sure if the new scan provides a new way to raise permissions until I conduct the investigation through a series of warnings that appeared on the old system (like Windows 7), Labro said. A few days after the tool update was released.
At this point, it was too late for the researchers to report the problem to Microsoft, and the researchers decided to blog about the new method on their personal website.
Windows 7 and Windows Server 2008 R2 have officially expired and Microsoft no longer provides free security updates.
Windows 7 users can get security updates through a paid support program called (Extended Support Update) ESU. However, a solution to this problem has not yet been released.
It is not clear if Microsoft will fix the new vulnerability.