Although Microsoft has already ceased update support for Windows 7, vulnerabilities remain in the operating system. A security researcher has identified a new exploitable zero-day vulnerability.
French security researcher Clément Labro identified a zero-day vulnerability affecting Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool. The vulnerability was found in two misconfigured registry keys of the RPC Endpoint Mapper and DNSCache services.
According to Labro, an attacker can modify the vulnerable registry keys to activate a subkey used by the Windows Performance Monitoring mechanism. “Performance” subkeys are often used to monitor the performance of an application, and by design they let developers load their own DLLs to track performance with their own custom tools.
Labro found the vulnerability after releasing an update for PrivescCheck, a tool used to check Windows security configurations that could be exploited by malware. In current versions of Windows, the DLLs in question are normally restricted and granted only a limited set of privileges; according to Labro, however, it is still possible to load custom DLLs with SYSTEM-level privileges on Windows 7 and Windows Server 2008.
Most security researchers report a serious vulnerability directly to Microsoft when they find one, but it was already too late by the time Labro discovered the vulnerability. That’s why Labro chose to publish an article on his personal blog rather than report the problem to Microsoft. Microsoft has not yet made a statement on the subject.