StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Windows Vulnerability - Research Paper Example

Cite this document
Summary
This bug allows an attacker to gain remote access to the target systems, meaning that they have unauthorized and uncontrolled access to an organization’s…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.2% of users find it useful
Windows Vulnerability
Read Text Preview

Extract of sample "Windows Vulnerability"

Vulnerability Report The TLS Protocol CBC Mode Information Disclosure Vulnerability is found on a variation of windows operating systems. This bug allows an attacker to gain remote access to the target systems, meaning that they have unauthorized and uncontrolled access to an organization’s sensitive information. This is, primarily, due to the fact that design flaws exist when using the cipher-block chaining (CBC) approach of operation within the encryption protocols used at the transport layer.

It is in this way that malicious attackers could lure system users to websites that contain malicious code, upon which, requests will be processed allowing them access to the target systems. This report highlights the details of attacks conducted using this vulnerability, the systems that are vulnerable to this attack, the consequences and effects of the attacks, document some cases where such attacks have taken place and finally explore the fixes that exist so far.How it WorksAs stated above, such an attack takes advantage of the design flaws in transport layer, such that the attacker is able to intercept secure traffic from the target computer.

In this way, the attacker could make use of an enticing website to attract a user within the organization. Any processing handled on that website, could trigger sensitive information to flow to the attackers website. A successful attack would be possible if the attacker is able to decrypt the traffic from the target systems, which is normally encrypted.Affected SystemsThe systems using the following operating systems are characterized as vulnerable. They include (Security Focus):Windows XP service pack 3Windows 7 professionalHowever, the vulnerability will not be extended to users of SharePoint 2010 and Microsoft internet information services (IIS7).

These systems will function normally with no fear of remote attacks unless they are deployed on machines with the above named operating systems.Impact of this VulnerabilityThe uncontrolled and unauthorized access to target systems creates a channel that the attacker can use to acquire the organization’s sensitive data or plan future attacks. This means, sensitive information could be leaked to competitors; thus, diminishing any competitive advantages that may have existed.Reported CasesCurrently, there are no reported cases of attacks conducted by exploiting this vulnerability.

According to a vulnerability alert, this exploit has been unproven (Cisco). However, this does not belittle the fact that the vulnerability still exists and measures should be taken to ensure that the organization’s data is safe. Recommendations and FixesGiven the fact that this vulnerability can be exploited through remote means, it is important to ensure that the filters and checks are put in place to control access to the organization’s data. Computers with operating systems that are vulnerable should only have access to trusted networks and computers within the organization (Symantec).

It is also prudent to make use of Network Intrusion Detection Systems (NIDS), which will be instrumental in analyzing the traffic (Cisco). Such systems will be able to identify, suspicious activity that may happen to be attempts to exploit the systems. Microsoft has also provided updates that can be deployed automatically to all computers within the organization. Cisco advocates for the use of RC4 algorithm instead of CBC for encryption; however, in such a case all systems that are in communication will be required to support this algorithm (Cisco).

Aside from these solutions provided, the organization and its users also have a role to play. Administrators should only give access to company systems to trusted users, they should also regularly monitor systems that are vulnerable, and finally, users should not open suspicious emails or emails that originate from unknown sources.Works CitedCisco. “Microsoft Windows TLS Protocol Information Disclosure Vulnerability.” Cisco. n.p. 10 July 2012. Web. 15 Oct. 2012.Security Focus. “Microsoft Windows TLS Protocol CBC Mode Information Disclosure Vulnerability.

” Security Focus. n.p. 10 July 2012. Web. 15 Oct. 2012.Symantec. “Microsoft Windows TLS Protocol CBC Mode Information Disclosure Vulnerability.” Symantec. n.p. 10 July 2012. Web. 15 Oct. 2012.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Windows Vulnerability Research Paper Example | Topics and Well Written Essays - 500 words”, n.d.)
Windows Vulnerability Research Paper Example | Topics and Well Written Essays - 500 words. Retrieved from https://studentshare.org/information-technology/1605303-windows-vulnerability
(Windows Vulnerability Research Paper Example | Topics and Well Written Essays - 500 Words)
Windows Vulnerability Research Paper Example | Topics and Well Written Essays - 500 Words. https://studentshare.org/information-technology/1605303-windows-vulnerability.
“Windows Vulnerability Research Paper Example | Topics and Well Written Essays - 500 Words”, n.d. https://studentshare.org/information-technology/1605303-windows-vulnerability.
  • Cited: 0 times

CHECK THESE SAMPLES OF Windows Vulnerability

The Common Vulnerability in the Microsoft Windows Operating System

Author Name Instructor Name Date CVE-2003-0352/MS03-026 Introduction The aim of the report is to examine the common vulnerability that was exposed in 2003 in Microsoft Windows Operating system.... The common vulnerability that is discussed here is CVE-2003-0352, called as the RPC DCOM vulnerability.... (CVE-2003-0352, 2003) On knowing about the identification of this vulnerability in its primary product, Microsoft released a bulletin with a patch to plug the hole in the system....
10 Pages (2500 words) Coursework

History of the Stuxnet Worm

How the Stuxnet Worm Works Stuxnet makes use of vulnerability just like Windows uses the shortcut files to expand to new systems.... Microsoft found a way to fix this vulnerability with MS10-061 which varies in risk from one type of windows to another.... However, about two weeks after the Stuxnet worm was first identified, researchers of the Kaspersky Lab working in Moscow found that an unknown security flaw in the sharing of printer resources by the windows could also help the Stuxnet worm spread....
5 Pages (1250 words) Research Paper

Assignment 1: IT Consultation for Mr. Green

windows 7 Ultimate Installation Name Institution 1) Capabilities of windows 7 Ultimate currently windows 7 Ultimate is an operating system that is purposefully designed for people and organizations who wish to have all necessary functionalities of the operating systems enabled.... Additionally, it allows for the sharing of documents, files, pictures, videos, and music over a networked system; together with ease to run several other existing productivity and business programs meant for windows XP....
3 Pages (750 words) Assignment

Unix Vs. Windows

In contrast, windows come along as a part of many other products, which is why, the vulnerability of the operating system to security attacks and breaches, becomes more prominent (Tom Halfhill, 2007).... However, the popularity and extent of use among different categories of users is… The fact that windows has grown to be the most widely used operating system is due to the extensive and aggressive marketing strategies adopted by the company (Microsoft)....
2 Pages (500 words) Essay

Practical Windows Security - The Identification of Vulnerabilities

nbsp;… The objective of Common Vulnerabilities and Exposures is to make it rather easier to share data all through the alienated vulnerability potentials (repositories, expert tools as well as services) by means of this "common enumeration.... This paper "Practical windows Security - The Identification of Vulnerabilities" focuses on the fact that Common Vulnerabilities and Exposures or simply CVE is a record of information security vulnerabilities and experiences that intend to offer frequent names for publicly recognized problems....
11 Pages (2750 words) Case Study

The Analysis of the Heartbleed

The Shellshock issue is a sample of ACE (arbitrary code execution) vulnerability.... Classically, ACE vulnerability attacks are carried out on running programs and entail an extremely advanced understanding of the internals of assembly language, code execution and memory layout—the kind of attack that calls for an expert, to be concise (Sampathkumar, Balasubramani 2014).... The attacker employed an ACE vulnerability to run a program granting them an easy way of dominating the targeted machine....
16 Pages (4000 words) Essay

Vulnerabilities in Microsoft Windows Server, IAAS

Each of these servers has witnessed some form of vulnerability.... The file sharing permission is a common form of vulnerability which Windows Server has been exposed to and it has resulted into multiple opportunities for hackers.... This study "Vulnerabilities in Microsoft windows Server, IAAS" reflects upon various aspects of cloud computing and certain vulnerabilities faced by its applications or technologies.... The study discusses these issues in relation to windows Server, an integral component of IAAS framework....
10 Pages (2500 words) Essay

Practical Windows Security

The essay reveals the definition of security vulnerability and tells that it can be regarded as the preliminary filter that is applicable to various issues.... definition of security vulnerability can be regarded as the preliminary filter that is applicable to various issues.... A security vulnerability can be considered as, “a flaw in a product that makes it infeasible – even when using the product properly —to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust” (Microsoft 2011)....
9 Pages (2250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us