Microsoft has partially fixed a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. This LPE vulnerability stems from the misconfiguration of two service registry keys. Microsoft addressed the issue (tracked as CVE-2021-27091) for the RpcEptMapper registry key (as discovered by 0patch) in the April 2021 Windows Updates (ESU) release by changing permissions to no longer include ‘Create Subkey’ for Authenticated Users and Users.
Source: https://www.bleepingcomputer.com/news/security/microsoft-partially-fixes-windows-7-server-2008-vulnerability/