Microsoft Windows Vulnerabilities

8/8/2019 Microsoft Windows Vulnerabilities

1/23


2/23

Mohga Nabil Mostafa Fathi Samar Hazem Mariam Reyad Soaad Ali Mona Sherif

Shaimaa Mohammed

Shaimaa Hassan Zainab Fayez Sarah Ahmed Samah Gamal Al-hariry


3/23

Whats vulnerability??

Types of vulnerability

Windows Vista vulnerabilities.

Windows 7 vulnerabilities.


4/23

a weakness which allows an attacker to

reduce a systems information insurance.

Also known as attack surface.


5/23

Hardware:

Ex: susceptibility to humidity & dust.

Software: Ex: insufficient testing.

Network:

Ex: unprotected communication lines. Personnel:

Ex: inadequate security awareness.


6/23


7/23

Weather Gadget Vulnerability :x The vulnerability is due to insufficient validation

of input that is supplied to the WeatherGadget.

Risks:

An attacker could exploit this vulnerability by

convincing a user that has the gadgetenabled to follow a malicious link in theWeather Gadget. A successful exploit couldallow the attacker to execute arbitrary codewith the privileges of the authenticated user.


8/23

HTML Component Handling Vulnerability:

Risks:

An attacker could exploit the vulnerability byconstructing a specially crafted Web page.When a user views the Web page via internetexplorer, the vulnerability could allow remotecode execution. An attacker who successfullyexploited this vulnerability could gain the same

rights as the logged on user.


9/23

IPv6Memory Corruption Vulnerability :x The TCP/IP stack in Microsoft Windows Vista

SP1 and SP2, and Windows 7 does not properlyhandle malformed IPv6 packets.

Risks:

An attacker could exploit the vulnerability by

sending the target system a small number ofspecially crafted packets, causing theaffected system to stop responding.


10/23

Microsoft Silverlight and Microsoft .NETFramework Vulnerability :

Microsoft Silverlight and .NET Framework areprone to a remote code-executionvulnerability because they fail to properlyhandle interfaces when running .NETapplications.

Risks:x Successful exploits may allow an attacker to

execute arbitrary code with the privileges ofthe currently logged-in user.


11/23

Integer Overflow in Windows Networking

Vulnerability :

The vulnerability is due to improperhandling of data copied from user modeby windows TCP/IP stack and resulting inan integer overflow .

Risks:x An attacker can exploit this vulnerability to gain

elevated privileges.


12/23

Rootkit vulnerability :

Risks:

x Attacker can exploit the network flow to inject theOS with a rootkit which give him a full control overthe system.


13/23


14/23

SMB DoS Vulnerability:

fails to sufficiently validate all fields when

parsing specially crafted SMB packets. Risks:

x A remote attacker could exploit this flaw via aspecially crafted network message.

x Denial of service .x System stop responding until manually

restarted.


15/23

XPMode Vulnerability:

Microsofts Virtual PC which allows an

attacker to bypass some of the securitysafeguards which would normally be inplace if the system was running on baremetal.


16/23

Blue-Screen Crashes: Software or device drivers may have a

problem. Installation of new hardware /software.

A hardware device is malfunctioning , or wasremoved while Windows was running.

outdated BIOS information can also causeerrors.

Update patches .

Corrupted startup files


17/23

Aero vulnerability Integer Overflow

Vulnerability:

Error in parsing information copied from usermode to kernel mode.

Risk:

x Code execution.

x cause the system to stop responding andrestart.


18/23

Windows Explorer:

hides file extensions by default.

The exploit tricks the user into clickingsomething that appears to be harmless butin reality it is malware that is capable ofdestroying your hard drive.

Ex: the malware can present itself as"destructive_malware.txt.exe."


19/23

Memory attack:

Hackers can gain access to a system's

memory--thus taking overWindows 7--through its PCMCIA card.

This means that the CPU and OS werebypassed, unable to prevent malicious DMA

requests.


20/23

Local privilege escalation Auto elevation:

UAC still pops up when a third-party program or

plugon wants to make a change to the system,but no longer requires confirmation whenworking with things built-in to the operatingsystem (such as most of the Control Panel

applets).

Risk:x Denial of service attack if a hacker sends a packet

containing malicious files during NTLM

authentication.


21/23

http://threatpost.com/en_us/blogs/microsoft-virtual-pc-flaw-lets-hackers-bypass-windows-defenses-031610

http://www.checkpoint.com/defense/advisories/public/announcement/111709-ms-win7-

smb-dos-vulnerability.html http://www.dslreports.com/forum/r22996742-

New-flaw-causes-Blue-Screen-of-Death-on-Vista-Windows-7

http://www.ccscentral.com/ccs-blogs/ccs-retail-systems-daves-blog/613-windows-7-aero-vulnerability


22/23


23/23

Microsoft Windows Vulnerabilities

Documents