Windows 7, despite its age, is still used by many people, and a new free patch has recently been released via the 0patch platform. It resolves a dangerous LPE (Local Privilege Escalation) vulnerability affecting both Windows 7 and Windows Server 2008 R2, whether without ESU (Extended Security Updates; therefore updated until last January) or with ESU (with patches until November 2020).
As reported by colleagues at Bleeping Computer, the LPE vulnerability stems from the misconfiguration of two registry keys and allows local attackers to elevate their privileges on any unprotected Windows 7 and Server 2008 R2 system.
It was discovered by security researcher Clément Labro, who published his research earlier this month detailing how insecure permissions on HKLM\SYSTEM\CurrentControlSet\Services\Dnscache and HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper allow attackers to trick the RPC Endpoint Mapper service into loading malicious DLLs.
This allows them to execute arbitrary code in the context of the Windows Management Instrumentation (WMI) service with LOCAL SYSTEM permissions.
«In short, a local user who is not an administrator of the computer simply creates a Performance subkey in one of the previous keys, populates it with some values and activates the performance monitoring, which leads to the loading of the DLL by the WmiPrvSE.exe process on the local system», as explained by the co-founder of 0patch, Mitja Kolsek.
0patch micropatches are sent via the 0patch platform to Windows clients to correct security problems in real time and applied to running processes without requiring a system restart. The micropatch will be available for free to everyone until Microsoft releases an official fix to the problem.
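To check whether a given machine has the permission weakness described above, the following PowerShell audit is an added example (not from 0patch, Clément Labro or Microsoft). It lists non-administrative principals allowed to create subkeys under the two service keys and reports any existing Performance subkey; the list of trusted principals is an assumption to adapt to your own baseline.

```powershell
# Added audit example: read-only check of the two service keys named in the article.
$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache',
    'HKLM:\SYSTEM\CurrentControlSet\Services\RpcEptMapper'
)

# Principals expected to hold write access (assumption; adjust to your baseline).
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Access-mask bits that permit creating a subkey:
# KEY_CREATE_SUB_KEY (0x4), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$createMask = 0x4 -bor 0x10000000 -bor 0x40000000

foreach ($key in $serviceKeys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output ("[skip] {0} not present" -f $key)
        continue
    }

    # Allow ACEs that grant subkey creation to a principal outside the trusted list.
    $risky = @((Get-Acl -Path $key).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $createMask) -ne 0 -and
        $trusted -notcontains $_.IdentityReference.Value
    })

    if ($risky.Count -eq 0) {
        Write-Output ("[ok] {0}: no unexpected subkey-creation grants" -f $key)
    }
    foreach ($ace in $risky) {
        Write-Output ("[weak ACL] {0}: {1} has {2}" -f $key, $ace.IdentityReference, $ace.RegistryRights)
    }

    # A Performance subkey under these keys is what the described attack creates.
    $perf = Join-Path $key 'Performance'
    if (Test-Path -Path $perf) {
        Write-Output ("[review] {0} exists with these values:" -f $perf)
        Get-ItemProperty -Path $perf | Select-Object * -ExcludeProperty PS* | Format-List
    }
}
```

The script only reads ACLs and values, and uses cmdlet parameters available in the PowerShell 2.0 that ships with Windows 7 and Server 2008 R2.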