The newly discovered zero-day free and temporary fix for Windows 7 and Server 2008 R2 was released by Patch 0, to prevent local privilege from being actively exploited in the increasingly vulnerable forests.
The bug affects all devices running Windows 7 and Server 2008 R2, regardless of whether or not these devices are enrolled in Microsoft’s Extended Security Updates (ESU) program, which can cost from $ 25 to $ 200 per workstation.
The free micro-patch released by Patch 0 will prevent local privilege enhancement from being exploited by cybercriminals for organizations that do not have ESU, and will serve as a temporary solution for organizations registered in the program until Microsoft releases a more permanent solution to the problem.
0 patch For more details on its new micro patch a Website, Says:
“According to our guidelines, this micro-patch is free to all (only part of the extended security updates) until Microsoft releases the official solution. By the time you read this, Microbatch has already been distributed to all 0 Patch Agents, and enterprise policies will be used automatically except where it is blocked.”
If you are not yet a 0patch user and want to install micro patch on your computers, you can create an account 0 Patch Central, Install 0 Patch Agent and register in your account.
Incorrectly configured registration keys
Local privilege expansion vulnerability is the result of incorrect configuration of two service log keys, and the error allows a local attacker to boost their privileges on any computer running Windows 7 and Server 2008 R2.
Security analyst Clement Labro recently discovered zero day, he recently released his analysis and source for the concept, which enabled 0 Patch to build its new micro patch for Windows users.
HKLM SYSTEM CurrentControlSet Services Dnscache and HKLM SYSTEM CurrentControlSet Services RpcEptMapper Unsecured Permissions on the Registry Enable RPC Endpoint Mapper to load malicious DLLs.
Labro explained that he was surprised that the damage he discovered was not soon found in him Report Zero describes tomorrow, as follows:
“I do not know how this vulnerability went unnoticed for so long. One explanation is that other tools may have sought full writing access to the registry, while in this case AppendData / AddSubdirectory was actually sufficient. Regarding” incorrect configuration “, I think the registry key was set for a specific purpose. I can’t think of a definite situation where users would have any permission to change the configuration of a service. “
If you are running Windows 7 or Server 2008 R2 on your computer, you will now need to install Micro Patch 0 Talk regardless of whether you are enrolled in Microsoft’s ESU program.
Professional bacon fanatic. Explorer. Avid pop culture expert. Introvert. Amateur web evangelist.