Operating System Security Flaws
November 3, 2014
Distributed System Failures:
As basic users, most of us overlook operating system security until it is too late. This paper discusses security flaws in the Windows operating system and the countermeasures available to address them.
We first look at some known flaws in Windows 7 and Windows 8. An Information Security Engineer at Google revealed a flaw affecting two of Microsoft’s newest operating systems that allowed attackers to obtain higher privileges on an unpatched computer. The vulnerability is caused by an error in ‘win32k.sys’ when it processes certain objects, and it can be exploited to cause a crash or execute arbitrary code with kernel privileges.
A more recent Windows flaw is a zero-day vulnerability: the Microsoft Windows Object Linking and Embedding (OLE) package manager remote code execution vulnerability (CVE-2014-4114), which permits attackers to embed OLE files from external locations. CVE-2014-4114 can be exploited to download and install malware on the target’s computer. This vulnerability affects all versions of Windows, including Windows Vista Service Pack 2, Windows 8.1 and Windows Server versions 2008 and 2012. OLE is a Microsoft technology that allows rich data from one document to be embedded in another document or linked to a document. OLE is usually used for embedding locally stored content, but this flaw allows the unprompted download and execution of external files.
The attackers send the targeted individuals or corporations a spear-phishing email that contains a malicious PowerPoint (PPT) file attachment; Symantec detects this email as Trojan.Mdropper. The attached file contains two embedded OLE documents containing URLs. If the targeted individual opens the PPT file, the URLs are contacted and two files are downloaded, which in turn install the malware on the computer.
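
The following Python example, added here and not part of the original paper, lists the embedded OLE objects in an Office document and reports any that reference a remote location, the pattern described above. It assumes the attachment is a ZIP-based Office Open XML file (.pptx/.ppsx) with objects stored under an `embeddings/` folder; the function names, hosts and file names are constructed for illustration.

```python
import io
import re
import zipfile

# Remote references: UNC paths (\\host\share\file) and http(s) URLs.
REMOTE_REF = re.compile(
    rb'(?:\\\\[\w.\-]+\\[\w.\-$\\ ]+|https?://[\w.\-:/%?&=~+#]+)')
# Folders where Office Open XML packages keep embedded objects.
EMBED_DIRS = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")


def find_remote_ole_refs(package_bytes):
    """Return {part_name: [remote references]} for embedded objects."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.lower().startswith(EMBED_DIRS):
                continue
            data = pkg.read(name)
            # Strings inside OLE objects may be ASCII or UTF-16LE, so scan
            # the raw bytes and a copy with the NUL bytes removed.
            views = (data, data.replace(b"\x00", b""))
            refs = sorted({m.decode("ascii", "replace")
                           for view in views
                           for m in REMOTE_REF.findall(view)})
            if refs:
                findings[name] = refs
    return findings


def build_sample(parts):
    """Build an in-memory package from {part_name: bytes} (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, data in parts.items():
            pkg.writestr(name, data)
    return buf.getvalue()


# Constructed sample: two objects pointing off-host, one purely local.
SAMPLE = build_sample({
    "ppt/presentation.xml": b"<p:presentation/>",
    "ppt/embeddings/oleObject1.bin":
        b"\x01\x00Package\x00"
        + r"\\192.0.2.10\share\payload.bin".encode("utf-16-le"),
    "ppt/embeddings/oleObject2.bin":
        b"\x02\x00http://files.example.test/public/update.dat\x00",
    "ppt/embeddings/oleObject3.bin": b"\x03\x00local chart data\x00",
})

if __name__ == "__main__":
    for part, refs in find_remote_ole_refs(SAMPLE).items():
        print(part, "->", refs)
```

An attachment whose embedded objects resolve to a network path rather than local content is worth quarantining for analysis before anyone opens it.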
When the malware is installed on the victim’s computer, it creates a back door that allows the attackers to download and install other malware; the malware can also download updates for itself, including an information-stealing component. Microsoft is advising customers that there is no patch currently available for this vulnerability; it has supplied a Fix it tool that mitigates the attacks. While the present exploits use PowerPoint files to deliver the malware, given the type of flaw, attackers may start using other Office files such as Word documents or Excel spreadsheets.
The second zero-day vulnerability is CVE-2014-4113, a local elevation of privilege vulnerability; this flaw has been seen in attacks against Windows Server 2003/R2, 2008/R2, Windows 2000, Windows Vista and Windows XP SP3. This flaw cannot be used on its own to compromise a victim’s security. The attacker would need to gain access to a remote system running any of the operating systems listed above before they could execute code within the context of the Windows kernel ("Sandworm Windows Zero-Day Vulnerability Being Actively Exploited In Targeted Attacks", 2014).
Microsoft’s security advisory states that the company is vigorously working to provide broader protections to its customers, and that the resolution of the issue may include providing a security update through a monthly patch update or providing an unscheduled security update. As stated above, Microsoft issued a temporary Fix it tool that can be applied to 32-bit and 64-bit versions of PowerPoint 2007, 2010 and 2013. This can be used until an official patch is released. Another countermeasure to avoid downloading malware onto your operating system is not to open any PowerPoint presentations or documents from unknown parties; even mail from known addresses should be avoided unless you can confirm with the sender that the email was intentionally...
References:
Google Engineer Finds Critical Windows 7 / 8 Security Flaw. (2001-2014). Retrieved from http://news.softpedia.com/news/Google-Engineer-Finds-Critical-Windows-7-8-Security-Flaw-355406.shtml
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks. (2014). Retrieved from http://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks