A French security researcher has accidentally discovered a zero-day vulnerability affecting the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.

The bug lies in two misconfigured registry keys belonging to the RPC Endpoint Mapper and DNSCache services, which are present in all Windows installations.

Clément Labro, the researcher who found the zero-day, says that an attacker who already has a foothold on an affected system can modify these registry keys to activate a sub-key normally used by the Windows Performance Monitoring mechanism.

“Performance” subkeys are normally used to monitor an application’s performance and, because of that role, they also allow developers to load their own DLL files so that performance can be tracked with custom tools.

On recent versions of Windows these DLLs are restricted and loaded with limited privileges, but Labro said that on Windows 7 and Windows Server 2008 it was still possible to load custom DLLs that ran with SYSTEM-level privileges.
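The following PowerShell audit is an added example and is not code from the article or from PrivescCheck. It walks every service key under HKLM\SYSTEM\CurrentControlSet\Services, reports any key where a low-privileged principal holds rights that would let it create or edit a Performance subkey, and lists existing Performance\Library DLLs that resolve outside %SystemRoot%. The key layout (Services\<name>\Performance with a "Library" value) is the documented performance-counter extension layout; the list of low-privileged principals and the "outside %SystemRoot%" heuristic are assumptions made for this example. Run it from an elevated PowerShell session.

```powershell
# Added audit example: flag service registry keys that a low-privileged user
# could use to plant a Performance subkey, and Performance\Library DLLs that
# live outside %SystemRoot%. Not from the article or from PrivescCheck.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Assumed list of principals that should never hold write-type rights here.
$lowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow creating or editing a Performance subkey under a key.
$writeRights = [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
               [System.Security.AccessControl.RegistryRights]::SetValue -bor
               [System.Security.AccessControl.RegistryRights]::WriteKey -bor
               [System.Security.AccessControl.RegistryRights]::FullControl

function Get-WeakRegistryAces {
    # Returns "principal: rights" strings for Allow ACEs that grant a
    # low-privileged principal any of $writeRights on $KeyPath.
    param([Parameter(Mandatory)][string]$KeyPath)
    try { $acl = Get-Acl -Path $KeyPath -ErrorAction Stop } catch { return @() }
    $weak = @()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.RegistryRights -band $writeRights) -ne 0) {
            $weak += '{0}: {1}' -f $ace.IdentityReference.Value, $ace.RegistryRights
        }
    }
    return $weak
}

$systemRoot = $env:SystemRoot.TrimEnd('\')

$findings = foreach ($svc in Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue) {
    $svcPath  = Join-Path $servicesRoot $svc.PSChildName
    $perfPath = Join-Path $svcPath 'Performance'

    # A weak ACE on the service key matters even when no Performance subkey
    # exists yet: CreateSubKey alone is enough to add one.
    $weakAces          = @(Get-WeakRegistryAces -KeyPath $svcPath)
    $library           = $null
    $outsideSystemRoot = $false

    if (Test-Path -Path $perfPath) {
        $weakAces += @(Get-WeakRegistryAces -KeyPath $perfPath)
        $library = (Get-ItemProperty -Path $perfPath -Name Library -ErrorAction SilentlyContinue).Library
        if ($library) {
            # Library may be a bare file name (resolved from System32) or a full path;
            # only rooted paths are compared against %SystemRoot%.
            $expanded = [Environment]::ExpandEnvironmentVariables($library)
            if ([System.IO.Path]::IsPathRooted($expanded) -and
                -not $expanded.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $outsideSystemRoot = $true
            }
        }
    }

    if ($weakAces.Count -gt 0 -or $outsideSystemRoot) {
        [pscustomobject]@{
            Service           = $svc.PSChildName
            WeakAces          = ($weakAces -join '; ')
            PerfLibrary       = $library
            OutsideSystemRoot = $outsideSystemRoot
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Host ('{0} service key(s) need review.' -f @($findings).Count)
} else {
    Write-Host 'No writable service keys or out-of-tree Performance libraries found.'
}
```

The check matches ACE principals by name only, so it does not expand nested group membership and does not decode generic-rights bits (GENERIC_WRITE and similar) that some ACEs carry instead of specific registry rights; treat any hit as a starting point for a manual ACL review. On Windows 7 and Windows Server 2008 R2, where the article says the Performance DLL runs as SYSTEM, a reported key should be corrected (remove the write-type ACE for the low-privileged principal) or covered by the vendor micro-patch the article mentions.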

The researcher said he discovered the zero-day after releasing an update to PrivescCheck, a tool that checks for common Windows security misconfigurations that malware can exploit for privilege escalation.

He said he didn’t realise the new checks were highlighting a new, unpatched privilege-escalation technique until, days after the release, he started investigating a string of alerts appearing on older systems such as Windows 7.

It is uncertain whether Microsoft will fix Labro’s zero-day; nevertheless, ACROS Security has already put together a micro-patch, which the company released earlier.
