Common vulnerabilities in Windows XP and Windows 7 systems

Source: Internet
Author: User

1. Common vulnerabilities in Windows XP systems

Common vulnerabilities in Windows XP systems include the UPnP service vulnerability, upgrade program vulnerability, Help and Support Center vulnerability, compressed folder vulnerability, denial of service vulnerability, Windows Media Player vulnerability, RDP vulnerability, VM vulnerability, hotkey vulnerability, quick account switching vulnerability, and more.

(1) UPnP Service vulnerability

Vulnerability Description: Allows an attacker to execute arbitrary instructions.

A critical security vulnerability exists in the UPnP service, which Windows XP starts by default. UPnP (Universal Plug and Play) is intended for wireless devices, PCs, and smart applications. It provides a common peer-to-peer network connection, with TCP/IP connectivity and Web access between home information devices and office networking devices, and can be used to detect and integrate UPnP hardware.

A security vulnerability in the UPnP protocol allows an attacker to illegally obtain system-level access to any Windows XP machine, attack it, and launch a distributed attack by controlling multiple XP machines.

Defense policy: Disable the UPnP service, then download and install the corresponding patches.

(2) Upgrade Program vulnerability

Vulnerability Description: If you upgrade Windows XP to Windows XP Pro, IE is reinstalled and the previously applied patches are cleared.

The Windows XP upgrade not only removes the IE patch files, but also causes Microsoft's upgrade server to fail to identify IE's defects correctly. As a result, a Windows XP Pro system faces 2 potential threats:

• Scripts in certain Web pages or HTML messages can automatically call programs in Windows.

• The user's computer files can be viewed through IE vulnerabilities.

Defense strategy: If Internet Explorer does not download the upgrade patch, you can download the latest patches from the Microsoft website.

(3) Help and Support Center vulnerability

Vulnerability Description: Allows files on the user's system to be deleted.

The Help and Support Center provides integrated tools for users to get help and support on a variety of topics. A vulnerability in the Windows XP Help and Support Center could allow an attacker to use a special webpage that, when opened, calls the wrong function and passes the name of an existing file or folder as a parameter, causing the upload of the file or folder to fail. The webpage can be posted on a website to attack users who visit the site, or propagated as a message. The vulnerability gives the attacker no rights other than deleting the file: the attacker can neither gain system administrator access nor read or modify the file.

Defense policy: Install Service Pack 3 for Windows XP.

(4) Compressed folder vulnerability

Vulnerability Description: The Windows XP Compressed Folders feature can run code of the attacker's choosing.

In a Windows XP system with a "Plus" package installed, the "Compressed Folders" feature allows the zip file to be treated as a normal folder. There are 2 vulnerabilities in the Compressed Folders feature, as described below.

• When extracting a zip file, the program uses an unchecked buffer to hold the extracted files, which is likely to cause the browser to crash or the attacker's code to run.

• The unzip feature places files in a directory other than the one the user specified, allowing an attacker to place files in a known location on the user's system.

Defense policy: Do not accept untrusted message attachments and do not download untrusted files.

(5) Denial of service vulnerability

Vulnerability Description: Denial of service.

Windows XP supports the Point-to-Point Tunneling Protocol (PPTP), a virtual private network technology implemented by the Remote Access service. The Windows XP implementation is vulnerable because of an unchecked buffer in the code that establishes, maintains, and tears down PPTP connections. By sending malformed PPTP control data to a vulnerable server, an attacker could corrupt kernel memory and cause the system to fail, interrupting the processes running on it. The vulnerability can be used against any server that provides PPTP services. A PPTP client workstation can be attacked only while it has an active PPTP session. An affected system resumes normal operation after a reboot.

Defense strategy: Turn off PPTP services.

(6) Windows Media Player Vulnerability

Vulnerability Description: May lead to disclosure of user information, script calls, and cache path leaks.

The Windows Media Player vulnerability consists mainly of 2 problems:

• An information disclosure vulnerability that gives an attacker a way to run code on a user's system. Microsoft defines its severity level as "critical".

• A script execution vulnerability: when the user chooses to play a special media file and then browses a specially constructed webpage, an attacker can use the vulnerability to run a script. Because it has a special timing requirement, this vulnerability is relatively difficult to exploit and its severity level is low.

Defense strategy: Download the files to be played to the local disk and play them from there, so that they cannot be exploited through this vulnerability.

(7) RDP vulnerability

Vulnerability Description: Information disclosure and denial of service.

The Windows operating system provides remote terminal sessions to clients via RDP (Remote Desktop Protocol). RDP transmits the hardware information associated with a terminal session to the remote client. It has the following vulnerabilities.

• A vulnerability in the session encryption implementation of some RDP versions. All RDP implementations allow the data in an RDP session to be encrypted, but in Windows 2000 and Windows XP the checksum of the plain text session data is not encrypted before it is sent. An attacker who eavesdrops on and records an RDP session can analyze the checksums to attack the session transmission.

• A vulnerability in how the RDP implementation in Windows XP handles certain malformed packets. When such packets are received, Remote Desktop services fail and the operating system fails with them. An attacker needs no authentication on the affected system to send such a packet.

Defense policy: Windows XP does not start its Remote Desktop services by default. Even if Remote Desktop services are started, you can avoid this attack by blocking port 3389 in the firewall.

(8) VM Vulnerability

Vulnerability Description: Could cause information disclosure and execution of the attacker's code.

An attacker could crash a host application by passing an invalid parameter to the JDBC class. To do so, the attacker would have to host a malicious Java applet on a website and entice the user to visit the site. A malicious user can also install arbitrary DLLs on a user's machine and execute arbitrary native code, potentially destroying or reading memory data.

Defense strategy: Apply security updates for the related software frequently.

(9) Hotkey Vulnerability

Vulnerability Description: Once hotkeys are set, the Windows XP automatic logoff function can leave the system in a "false logoff" state in which other users can still launch programs through the hotkeys.

The hotkey feature is a service provided by the system. When the user leaves the computer unprotected, Windows XP automatically logs the user off. The desktop can no longer be reached, but because the hotkey service is not stopped, applications can still be started with a hotkey.

Defense strategy:

① Because the vulnerability is exploited through hotkeys, check the hotkeys assigned to programs and services that may pose a hazard.

② Start the screen saver and set a password for it.

③ Lock the computer when you leave it.

(10) Quick Account Switching vulnerability

Vulnerability Description: There is a problem with the Windows XP fast account switching feature that can cause account lockout, so that no non-administrator account can log in.

Windows XP provides a fast account switching function so that users can switch quickly between accounts, but a flaw in its design can be used to cause account lockout, so that no non-administrator account can log on. When the account lockout function is enabled, a user can use fast switching to quickly retry logging in under another user name. The system treats this as a brute-force attempt and locks the non-administrator accounts.

2. Common vulnerabilities in Windows 7 systems

Windows 7 systems have far fewer vulnerabilities than Windows XP. The 2 common vulnerabilities in Windows 7 systems are the shortcut vulnerability and the SMB protocol vulnerability.

(1) Shortcut vulnerability

Vulnerability Description: The shortcut vulnerability is a critical security vulnerability in the Windows Shell framework. When Shell32.dll parses a shortcut, it resolves the file format step by step: first it finds the file path that the shortcut points to, and then the icon resource that the shortcut depends on. This is how the Windows desktop and the Start menu display their icons, and clicking a shortcut executes the corresponding application.

The Microsoft LNK vulnerability abuses this parsing mechanism. The attacker maliciously constructs a special LNK (shortcut) file that contains a carefully crafted string of program code to deceive the operating system. When Shell32.dll parses this string, it assumes that the shortcut depends on a system control (a DLL file) and loads that "system control" into memory for execution. If the "system control" is a virus, Windows activates the virus when it parses the LNK (shortcut) file. The virus is likely to be propagated via USB memory.

Defense strategy: Disable the Autorun function of the USB memory and manually check the root folder of the USB memory.

(2) SMB Protocol Vulnerability

The SMB protocol is the main communication protocol of Microsoft networks and is used to share files, printers, serial ports, etc. between computers. When the user runs the SMB2 protocol, the system can be attacked over the network, causing it to crash or restart. An intentionally malformed network protocol request is enough to trigger a page fault in Windows 7, resulting in a blue screen or a hang.

Defense policy: Turn off the SMB service.
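Several of the defense strategies in both sections come down to a service or registry setting that can be checked on a host. The script below is an added example, not part of the original article. The service names (upnphost, SSDPSRV, RemoteAccess, LanmanServer) and registry values (fDenyTSConnections, NoDriveTypeAutoRun) are assumptions about how those defenses map to Windows settings, since the article names none of them.

```powershell
# Added example: audit the settings behind this page's defense strategies.
# Service and registry names are assumptions; the article does not name them.
# Uses only cmdlets available in PowerShell 2.0.
$services = @(
    @{ Name = 'upnphost';     Defense = 'XP (1) UPnP: disable the UPnP service' },
    @{ Name = 'SSDPSRV';      Defense = 'XP (1) UPnP: disable SSDP discovery' },
    @{ Name = 'RemoteAccess'; Defense = 'XP (5) DoS: turn off PPTP services' },
    @{ Name = 'LanmanServer'; Defense = 'Win7 (2) SMB: turn off the SMB service' }
)

function Get-RegistryValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding([string]$Defense, [string]$Observed, [bool]$Ok) {
    New-Object PSObject -Property @{ Defense = $Defense; Observed = $Observed; Ok = $Ok }
}

$findings = @()
foreach ($s in $services) {
    $svc = Get-WmiObject -Class Win32_Service -Filter ("Name='{0}'" -f $s.Name)
    if ($svc) {
        # The defense holds only if the service is disabled and not running now.
        $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
        $seen = "{0}: {1}/{2}" -f $s.Name, $svc.StartMode, $svc.State
        $findings += New-Finding $s.Defense $seen $ok
    } else {
        $findings += New-Finding $s.Defense ("{0}: not installed" -f $s.Name) $true
    }
}

# RDP: fDenyTSConnections = 1 means Remote Desktop connections are refused.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = Get-RegistryValue $rdpKey 'fDenyTSConnections'
$findings += New-Finding 'XP (7) RDP: Remote Desktop off, else block 3389' `
    "fDenyTSConnections=$deny" ($deny -eq 1)

# Autorun: a DWORD of 0xFF (255) disables Autorun for every drive type.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$auto = Get-RegistryValue $polKey 'NoDriveTypeAutoRun'
$findings += New-Finding 'Win7 (1) Shortcut: disable Autorun' `
    "NoDriveTypeAutoRun=$auto" ($auto -eq 255)

$findings | Select-Object Ok, Defense, Observed | Format-Table -AutoSize
```

A row with Ok = False marks a defense from the article that is not in place. If the RDP row fails, the firewall rule for port 3389 still has to be checked separately.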
