From zdnet.com
A French security researcher has accidentally discovered a zero-day vulnerability that impacts the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.
The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.
- HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
- HKLM\SYSTEM\CurrentControlSet\Services\Dnscache
French security researcher Clément Labro, who discovered the zero-day, says that an attacker that has a foothold on vulnerable systems can modify these registry keys to activate a sub-key usually employed by the Windows Performance Monitoring mechanism.