[German]ACROS Security has released a micropatch for a 0-day vulnerability in Windows 7 and Server 2008 R2 (without ESU license). Here is some information about this micropatch.
The 0-day vulnerability
On November 12, 2020, security researcher Clément Labro released a detailed analysis of a local privilege escalation vulnerability affecting Windows 7 and Windows Server 2008 R2. On a typical Windows 7 and Server 2008 R2 machine, a tool written by the security researcher discovered that all local users have write permissions to two registry keys:
Clément discovered that Windows performance monitoring can be tricked into reading from these keys – and loading a DLL provided by a local attacker. This DLL is not loaded and executed as a local user, but as a local system.
A standard local user can create a performance subkey in one of the above keys on the computer. If he enters some values into the subkey and triggers performance monitoring, it causes a local system WmiPrvSE.exe process to load the attacker’s DLL and execute code from it.
0patch fix for Windows 7 SP1/Server 2008 R2
ACROS Security has developed a micropatch for the 0-Day vulnerability The developer Mitja Kolsek has pointed me via a private message to this tweet with information about the release of the micropatch for Windows 7 SP1 and Windows Server 2008 R2. Details about the patch can be found in this blog post.
This micropatch is now available for all 0patch users with FREE and PRO license and is already applied to all online computers with 0patch Agent (except in non-standard enterprise configurations). As always, there is no need to restart the computer and users’ work is not interrupted. For information on how the 0patch Agent works, which loads the micro-patches into memory at runtime of an application, please refer to the blog posts (e.g. here) I have linked below.
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
Cookies helps to fund this blog: Cookie settings