threats and vulnerabilities
Jeramie Feenstra
Richard De La Cruz
Window 7 vulnerabilities
Local Security Authority Subsystem Service
There is a recently discovered vulnerability in the Local Security Authority Subsystem Service which can cause a denial of service attack if a hacker sends a packet containing malicious files during NTLM authentication. NTLM protocol refers to the Windows NT LAN Manager which is used to authenticate logons to PCs that are connected to the network.
The security update provided by Microsoft includes updates for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and the new Windows 7 operating systems.
User Account Controls
Microsoft changed and upgraded the User Account Control settings for Windows 7 to make it more flexible for users. Some of the UAC applications are channeled through the User Account Controls to reduce user interaction. As a result, the vulnerability is apparent when the third party application calls on files by proxy through an existing Windows application which never uses the UAC prompt application.
1. File and share permissions that give up everything to everyone -- This is easily the biggest vulnerability I'm seeing with Windows systems regardless of the type of system or Windows version. Users who create shares to make their local files available across the network are typically the culprits. Sometimes it's careless admins; other times they're honest mistakes. Unfortunately, all too often the "Everyone group" is given full access to every file on the system. Then, all it takes is for an insider to search for sensitive keywords stored in .pdf, .xls, .doc and other file formats using a text search tool such as Effective File Search or FileLocator Pro. Odds are -- nearly 100% of the time -- the attacker will come across sensitive information (SSNs, credit card numbers, you name it) that they shouldn't have access to. Best case scenario, this is an identity theft in the making. Worst case, this becomes a serious breach that
Richard De La Cruz
Window 7 vulnerabilities
Local Security Authority Subsystem Service
There is a recently discovered vulnerability in the Local Security Authority Subsystem Service which can cause a denial of service attack if a hacker sends a packet containing malicious files during NTLM authentication. NTLM protocol refers to the Windows NT LAN Manager which is used to authenticate logons to PCs that are connected to the network.
The security update provided by Microsoft includes updates for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and the new Windows 7 operating systems.
User Account Controls
Microsoft changed and upgraded the User Account Control settings for Windows 7 to make it more flexible for users. Some of the UAC applications are channeled through the User Account Controls to reduce user interaction. As a result, the vulnerability is apparent when the third party application calls on files by proxy through an existing Windows application which never uses the UAC prompt application.
1. File and share permissions that give up everything to everyone -- This is easily the biggest vulnerability I'm seeing with Windows systems regardless of the type of system or Windows version. Users who create shares to make their local files available across the network are typically the culprits. Sometimes it's careless admins; other times they're honest mistakes. Unfortunately, all too often the "Everyone group" is given full access to every file on the system. Then, all it takes is for an insider to search for sensitive keywords stored in .pdf, .xls, .doc and other file formats using a text search tool such as Effective File Search or FileLocator Pro. Odds are -- nearly 100% of the time -- the attacker will come across sensitive information (SSNs, credit card numbers, you name it) that they shouldn't have access to. Best case scenario, this is an identity theft in the making. Worst case, this becomes a serious breach that