{"id":16887,"date":"2020-11-26T00:47:00","date_gmt":"2020-11-25T23:47:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=16887"},"modified":"2022-06-27T09:19:39","modified_gmt":"2022-06-27T07:19:39","slug":"0patch-fixt-0-day-schwachstelle-in-windows-7-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/11\/26\/0patch-fixt-0-day-schwachstelle-in-windows-7-server-2008-r2\/","title":{"rendered":"0patch fixes 0-day vulnerability in Windows 7\/Server 2008 R2"},"content":{"rendered":"

\"win7\"[German<\/a>]ACROS Security has released a micropatch for a 0-day vulnerability in Windows 7 and Server 2008 R2 (without ESU license). Here is some information about this micropatch.<\/p>\n

The 0-day vulnerability<\/h2>\n

\"\"On November 12, 2020, security researcher Cl\u00e9ment Labro released a detailed analysis<\/a> of a local privilege escalation vulnerability affecting Windows 7 and Windows Server 2008 R2. On a typical Windows 7 and Server 2008 R2 machine, a tool written by the security researcher discovered that all local users have write permissions to two registry keys:<\/p>\n

HKLM\\SYSTEM\\CurrentControlSet\\Dienste\\Dnscache
HKLM\\SYSTEM\\CurrentControlSet\\Dienste\\RpcEptMapper<\/p>\n

Cl\u00e9ment  discovered that Windows performance monitoring can be tricked into reading from these keys – and loading a DLL provided by a local attacker. This DLL is not loaded and executed as a local user, but as a local system.<\/p>\n

A standard local user can create a performance subkey in one of the above keys on the computer. If he enters some values into the subkey and triggers performance monitoring, it causes a local system WmiPrvSE.exe process to load the attacker's DLL and execute code from it.<\/p>\n

0patch fix for Windows 7 SP1\/Server 2008 R2<\/h2>\n

ACROS Security  has developed a micropatch for the 0-Day vulnerability The developer Mitja Kolsek has pointed me via a private message to this tweet<\/a> with information about the release of the micropatch for Windows 7 SP1 and Windows Server 2008 R2. Details about the patch can be found in this blog post<\/a>.<\/p>\n

 \"0patch<\/a>
(0patch Fix or the 0-Day vulnerability) <\/p>\n

This micropatch is now available for all 0patch users with FREE and PRO license and is already applied to all online computers with 0patch Agent (except in non-standard enterprise configurations). As always, there is no need to restart the computer and users' work is not interrupted. For information on how the 0patch Agent works, which loads the micro-patches into memory at runtime of an application, please refer to the blog posts (e.g. here<\/a>) I have linked below.  <\/p>\n

Similar articles:
<\/strong>Windows 7: Forcing February 2020 Security Updates<\/a> \u2013 Part 1
Windows 7: Securing with the 0patch solution<\/a> \u2013 Part 2
Windows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a>
Project: Windows 7\/Server 2008\/R2 Life Extension & 0patch one month trial<\/a>
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a>
0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a>
0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a>
0-day vulnerability in Windows Adobe Type Library<\/a>
0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a>
0patch for 0-day RCE vulnerability in Zoom for Windows<\/a>
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a>
0patch fixes CVE-2020-1113 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1337 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1530 in Windows 7\/Server 2008 R2<\/a>
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2<\/a>
0patch fixes CVE-2020-1062 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1300 in Windows 7\/Server 2008 R2<\/a> <\/p>\n

0patch supports Office 2010 with micro patches after the end of support (EOL)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]ACROS Security has released a micropatch for a 0-day vulnerability in Windows 7 and Server 2008 R2 (without ESU license). Here is some information about this micropatch.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[991,1079,17,159],"class_list":["post-16887","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-0patch","tag-sicherheit","tag-windows-7","tag-windows-server"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=16887"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16887\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=16887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=16887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=16887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}