Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008
Overview : SANS Top 20 Security Risks of Client-side vulnerabilities Web browsers Office software clients Media players These vulnerabilities are found primarily in Windows, but exist in other operating systems
Web browsers Internet Explorer Many security holes that allow execution of arbitrary code Many of the exploits are available to the public IE exploits vulnerabilities in other Windows components such as the Graphics Rendering Engine Hundreds of exploits in ActiveX controls
Web browsers Mozilla Firefox Unpatched or older versions contain weaknesses that allow execution of arbitrary code Third-party plug-ins Used to access multimedia files and documents Users may not know they are installing such plug- ins IE7 is unable to hand custom URIs – hackers can insert custom URIs into PDF documents to allow execution of malicious code
Systems affected Theoretically, any system that uses any web browser could be affected Attacks are concentrated on most popular web browsers and operating systems Internet Explorer 5 or later on Windows Firefox on any operating system
How to avoid these vulnerabilities Windows XP users should use Service Pack 2 If this is not possible, use a browser other than IE IE users should use latest version (IE7) Systems should be updated with latest patches and service packs Use anti-malware software Users of older Windows systems should upgrade to XP Use a browser that does not support ActiveX
Office software Most common office software is Microsoft Office Contains several high-risk vulnerabilities
Office software Vulnerability occurs through client because of malicious s Exploits also occur in web-based documents and spreadsheets IE automatically opens MS Office documents, which may be malicious
Systems affected All Windows systems that use MS Office Mac systems that use MS Office Level of vulnerability depends on version of software installed
How to avoid these vulnerabilities Use latests patches and service packs Do not open s from suspicious sources Use caution even with s from known sources Disable option in IE that allows it to automatically open MS Office documents Use anti-malware software
clients Malicious s may contain malware Phishing, spam, denial of service attacks Impact of malicious s Distribution of malware (viruses, trojans, spyware) Disclosure of private information Disable certain services
Systems affected Microsoft Outlook (Windows) Outlook Express (Windows, older versions available for Mac) Mozilla Thunderbird (Windows, Mac, Linux) Mail.app (Mac)
How to avoid these vulnerabilities Remove client software from systems where it is not necessary Use latest version of software Use anti-malware software Do not run client from administrator or other privileged account Do not open suspicious s Do not respond to spam View messages without HTML or other formatting Scan attachments before opening them
Media players Most media players are third-party and must be installed by the user Upgrades must be manually installed by user
Systems affected Real Player (Windows, Mac, Linux) Adobe Flash Player (Windows, Mac, Linux) Apple Quicktime (Windows, Mac) Apple iTunes (Windows, Mac) Windows Media Player (Windows)
How to avoid these vulnerabilities Use latest version of software Use anti-malware software Configures operating systems and browsers to prevent unintentional installation of software Install media players only on systems that require it