Tuesday, April 9, 2019
Operating System Security Flaws Essay Example for Free
Operating System Security Flaws EssayAs base users, security is one feature that most of us overlook when it comes to operating systems until it is too late. In this authorship we go away discuss the security blurs within the Windows Operating system, and then discuss countermeasures to fix the system flaw. We will first look at some known flaws in Windows 7 and Windows 8. An Information Security organise at Google had decided to reveal a flaw that affected two of Microsofts newest operating systems that allowed attackers to nonplus higher privileges on an un shucksed computer. The photograph was caused due to an error within the win32k.sys when it processes certain objects and it can be exploited to cause a crash or perform arbitrary code with kernel privilege. A more recent flaw in Windows has been identified as the Zero-Day Vulnerability the Microsoft Windows Object Linking and Embedding (OLE) package manager away code execution vulnerability (CVE-2014-4114) permits attackers to embed OLE files from external locations. CVE-2014-4114 flaw can be exploited to download and install malware on to the targets computer.This vulnerability affects all versions of Windows to include Windows Vista Service herd 2, Windows 8.1 and Windows master of ceremonies versions 2008 and 2012. The Microsoft technology allows rich data from one document to be implant in other document or link to a document. The OLE is usually used for embedding locally stored content but this flaw allows the unprompted download and execution of external files. The attackers position the targeted individuals or corporations a spear-phishing email that contains a malicious PowerPoint (PPT) file attachment this email is detected by Symantec as Trojan.Mdropper. The sent file contains two embedded OLE documents containing URLs. If the targeted individual opens the PPT file, the URLs are contacted and two files are downloaded which in turn will install the malware on the computer. When the malware is installed on the victimscomputer, this creates a back door that allows the attackers to download and install other malware the malware can to a fault download updates for itself to include an information stealing component.Microsoft is advising customers that there is no patch currently available for this vulnerability they have supplied a fixit legal document that decreases the attacks. While the present exploits are using PowerPoint files to deliver the malware, given the typecast of flaw, they may start using different office files such as word documents or outstrip spreadsheets. The second zero-day vulnerability is CVE-2014-4113, which is a local elevation of privilege vulnerability this flaw has been seen in attacks against Windows Server 2003/R2, 2008/R2, Windows 2000, Windows Vista and Windows XP SP3. This flaw cannot be used on its own to compromise a victims security. The attacker would need to gain access to a remote system running any of the preceding(p renominal) lists operating systems before they could execute code within the context of the Windows Kernel. (Sandworm Windows Zero-Day Vulnerability Being Actively utilise In Targeted Attacks, 2014).Microsofts security advisory states the company is vigorously working to provide broader protections to their customers the company states that the closedown of the issue may include providing a security update through a monthly patch update or providing an unscheduled security update. As stated above Microsoft issued a temporary fixit tool that can be applied to 32-64 bit versions of PowerPoint 2007, 2010 and 2013. This can be used until an official patch is released. similarly another countermeasure to avoid downloading malware on to your operating system is not open any PowerPoint Presentations or documents from unknown parties, even mail from known addresses should be avoided unless you can confirm with the sender that the email was intentionally sent. some(prenominal) emails are compromised because some individuals make their passwords to easy or they have downloaded spyware and the attacker gets that information and uses their email to send out their virus to other users. I have received emails from my mother when I didnt behave them and I would inform her that her email had been hacked. Many are not aware that this has happened unless they are told,ReferencesGoogle Engineer Finds overcritical Windows 7 / 8 SecurityFlaw. (2001-2014). Retrieved from http//news.softpedia.com/news/Google-Engineer-Finds-Critical-Windows-7-8-Security-Flaw-355406.shtml Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks. (2014). Retrieved from http//www.symantec.com/ wed/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.