Although Windows 7 has been without user support for more than a year (companies can buy extended update packages for a fee), Microsoft‘s operating system refuses to die. There are still a large number of users who use this operating system on a daily basis, despite the dangers of doing so. Although the system seems safe, under the hood there are all kinds of faults and possible problems that can endanger our safety.
This same week, Microsoft has released the security patches corresponding to April 2021 for its operating systems. Although we generally always refer to Windows 10 patches, its predecessor, Windows 7, also received several fixes. One of the most important, partially corrected in secret, allowed to gain privileges locally within the operating system , endangering all users of Windows 7 and Server 2008 R2 edition.
Windows 7 crash is due to bad default settings
This security flaw, found by an independent researcher, is due to a series of insecure permissions on the registry keys of the ” RpcEptMapper ” and ” DnsCache ” services. These permissions allow a local user to fool the operating system’s RPC Endpoint Mapper service into loading malicious DLL files. Due to this, any non-administrator user could run remote code on the system, with SYSTEM permissions , through the WmiPrvSE.exe process.
Since last February, there is an open source tool that has an exploit specially designed to take advantage of the failure in the RpcEptMapper key. Therefore, it is thought that hackers could have been taking advantage of this flaw over the Internet. This security flaw has been kept secret for a while until, finally, Microsoft has solved it in secret. Therefore, it is not even registered as a vulnerability yet, that is, it does not have a CVE code assigned .
The April 2021 patches for Windows 7 partially addressed this issue. The company has changed the permissions for RpcEptMapper to prevent anyone from using this registry entry without permission. However, you have not changed the permissions for DnsCache, so the bug is still open.
Temporary solution to the security problem
Microsoft shouldn’t take much longer to definitively fix these problems. Surely, with the next security patches for Windows 7 (only for users within the ESU update program), Microsoft will definitely cover these two flaws, leaving users a little more secure.
If we don’t want to wait, and we want to protect ourselves from this problem as soon as possible, we can resort to an external tool known as 0Patch . This software applies a series of micro-patches directly to the system memory (it does not modify its files) to correct all kinds of vulnerabilities. Within the list of patches we can find those of RpcEptMapper and DnsCache, temporarily covering these problems until Microsoft finishes releasing the update definitively.
However, if at this point we are still using a PC with Windows 7 or Server 2008 R2, the least of our concerns should be a privilege escalation error like this.