Security News > 2020 > November > Unofficial Patch Released for Windows 7 Zero-Day Vulnerability
An unofficial patch is now available through ACROS Security's 0patch service for a zero-day vulnerability identified earlier this month in Windows 7 and Windows Server 2008 R2. The privilege escalation flaw, detailed by security researcher Clément Labro on November 12, exists because all users have write permissions for HKLMSYSTEMCurrentControlSetServicesDnscache and HKLMSYSTEMCurrentControlSetServicesRpcEptMapper, two keys that could be used for code execution.
Specifically, the researcher discovered that a local non-admin user could target any of the two keys to create a Performance subkey, then trigger performance monitoring to load an attacker DLL through the Local System WmiPrvSE.exe process, and execute code from it.
Both Windows 7 and Windows Server 2008 R2 reached end of support on January 2020 and are currently in the Extended Security Updates period, but will no longer receive security fixes past January 2023.
As part of its 0patch service, the Slovenia-based company has now released an unofficial, free micropatch for the newly disclosed zero-day, to eliminate the use of this specific Performance key, thus preventing its abuse.
The micropatch, which can be viewed in action in this video, targets Windows 7 and Server 2008 R2 computers with and without ESU, which have the November 2020 or January 2020 updates, respectively.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)