A critical vulnerability was discovered in outdated OS versions from Microsoft , reports the ZDNet edition.
French cybersecurity specialist Clément Labro found an issue in Windows 7 and Windows Server 2008. Security flaws were found in the Endpoint Mapper and DNSCache components that are used during OS installation. According to Labro, an attacker could guess the registry keys and gain access to the system.
It is clarified that compromised components cannot harm users of new OS versions, but in Windows 7 and Windows Server 2008 they do not have limited privileges. The specialist described the problem as a zero day vulnerability, that is, it belongs to such malicious systems against which protective mechanisms have not yet been developed. Labro emphasized that he found the vulnerability by accident.
The expert notified Microsoft engineers and also published information about the problem on his website. ZDNet’s editors approached the company’s representatives for comment, but did not receive a prompt response. Reporters noted that the vulnerability could pose a threat to users of outdated operating systems, as Microsoft has stopped issuing security patches for them.
In November, found a zero-day vulnerability in Windows that allows OS. Using the found bug, hackers can elevate the privileges of certain processes in the system to bypass security mechanisms.