An overall look at security vulnerabilities in the Windows family (with figures)

Source: Internet
Author: User

WinXP has never been stable and secure, and it still has a variety of security vulnerabilities. If we are indifferent to this, online hackers get their chance: they can easily steal your trade secrets and destroy important information, and the loss is huge. How can you keep Windows secure? A good approach is to download Windows security patches frequently and update the system to close the various security vulnerabilities. This should be done as often as you update your anti-virus software. Let's take a look at the security vulnerabilities in the Windows family and at how to block them.

I. WinXP Security Vulnerabilities

1. Quick User Switching Vulnerability

Windows XP's Quick User Switching has a vulnerability. When you click Start/Logout/Switch User to start the Quick User Switching function and then retry logging on to a user name with the traditional login method, the system mistakenly concludes that a brute-force cracking attack is under way and locks all non-administrator accounts.

Security Countermeasure: click Control Panel/User Accounts/Change the way users log on or off and clear "Use Quick User Switching" (figure 1) to disable the Quick User Switching function.

Figure 1

2. UPnP service vulnerabilities

UPnP (Universal Plug and Play) is a service that allows hosts to locate and use devices on the LAN. It uses the IP protocol to let computers, scanners, printers, digital cameras, and other devices automatically search for and communicate with each other. Network devices can use UPnP to find other devices connected to the same network, which gives an out-of-the-box experience: after new hardware is installed, the PC finds it automatically.

UPnP is currently a relatively advanced technology and is included in Windows XP. This is a good thing, but it is also troublesome, because UPnP brings security vulnerabilities with it. Hackers can exploit them to gain full control of other PCs or to launch DoS attacks. An attacker who knows a PC's IP address can control that PC over the Internet; on the same network, he does not even need to know the PC's IP address. Specifically, the UPnP service can cause the following two security vulnerabilities:

(1) Buffer Overflow Vulnerability

UPnP has a buffer overflow problem. When it processes the Location field in a NOTIFY command, an IP address, port, or file name that is too long causes a buffer overflow, and the memory space of some of the server program's processes is overwritten. This vulnerability was discovered and reported to Microsoft by eEye Digital Security and is the most serious buffer overflow vulnerability found in Windows to date. Because the UPnP service runs in the context of the system, hackers can exploit this vulnerability to launch DoS attacks. Skilled hackers can even take over the user's computer in one stroke and view or delete files. More seriously, the server program listens on broadcast and multicast interfaces, so attackers can attack multiple machines at once without knowing the IP address of any single host.

Security Countermeasure: Because Windows XP has the UPnP (Universal Plug and Play) function enabled, all WinXP users should install the patch immediately. For Windows ME, the patch is required only when UPnP is running, because the UPnP function of Windows ME is disabled at installation. For Win98, which does not include UPnP, the patch is required only if you have installed UPnP yourself. You can download the patch from Microsoft's website.

(2) UDP and UDP Spoofing

A system that runs the UPnP service is also easy to attack in another way. If a UDP packet is sent to port 1900 of the system with the address in the "LOCATION" field pointing to the Chargen port of another system, the system may enter an infinite connection loop, driving CPU usage to 100% and leaving it unable to provide normal services. In addition, an attacker can send a forged UDP packet to a network with many XP hosts and may force those hosts to attack a specified host.

Security Countermeasure: click Control Panel/Administrative Tools/Services in XP, double-click the "Universal Plug and Play Device Host" service, and select "Disabled" as the Startup Type (figure 2) to disable the UPnP service.

Figure 2

If you do not want to disable the UPnP service to block this type of vulnerability, you can download and install the corresponding patch from Microsoft's website, or configure a firewall to block packets from external networks from reaching port 1900.
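A receive-side sanity check for the two UPnP issues described above (an over-long Location field, and a Location that points at another system's Chargen port), written as an added example that is not from the original article or from Microsoft's patch. The 256-byte limit, the rule that a device's Location must name the sender's own address, and all sample datagrams are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CHARGEN_PORT = 19        # chargen service, the loop target named in the text
MAX_LOCATION_LEN = 256   # assumed sanity limit, not a value from the page

def parse_ssdp(datagram: bytes):
    """Return (start_line, headers) with header names upper-cased."""
    lines = datagram.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0], headers

def check_notify(datagram: bytes, src_ip: str) -> list:
    """List reasons to drop or alert on an SSDP NOTIFY received from src_ip."""
    start, headers = parse_ssdp(datagram)
    if not start.upper().startswith("NOTIFY "):
        return []
    location = headers.get("LOCATION")
    if location is None:
        return ["location-missing"]
    findings = []
    if len(location) > MAX_LOCATION_LEN:
        findings.append("location-too-long")
    try:
        url = urlsplit(location)
        host, port = url.hostname, url.port   # .port raises on a bad port
    except ValueError:
        return findings + ["location-malformed"]
    if url.scheme != "http":
        findings.append("location-bad-scheme")
    if port == CHARGEN_PORT:
        findings.append("location-chargen-port")
    if host != src_ip:        # assumed policy: a device advertises itself
        findings.append("location-host-mismatch")
    return findings

# Constructed sample datagrams (not captured traffic).
def notify(location: str) -> bytes:
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
            f"LOCATION: {location}\r\n\r\n").encode("latin-1")

BENIGN = notify("http://192.168.1.20:5000/desc.xml")
CHARGEN = notify("http://192.168.1.99:19/")
OVERLONG = notify("http://" + "A" * 600 + ":80/desc.xml")
```

Run against traffic seen on UDP port 1900, a non-empty result is a reason to drop the datagram or raise an alert before any connection to the advertised Location is attempted.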

3. "Self-logout" Vulnerability

The hotkey function is one of the system services of WinXP. Once a user logs on to WinXP, the hotkey function starts, and you can use the system's default hotkeys or define your own. If no screen saver and password are set on your computer and you leave it for a while, WinXP will automatically "log out". However, this "logout" is not a real logout: all background programs are still running, and the hotkey function is of course still enabled. So although other people cannot get to your desktop or see what is on your computer, they can still use the hotkeys.

At this point, if someone at your machine uses a hotkey to start network-related sensitive programs (or services), to delete important files, or to do other harmful things, the consequences are very serious. That is the vulnerability. We hope Microsoft will release a patch in time so that the hotkey service is also stopped when WinXP performs this "self-logout".

Security Countermeasure: when you leave the computer, press Windows key + L to lock it; or enable the screen saver and set a password; or review the hotkeys of programs and services that could cause harm and remove them.

4. Remote Desktop Vulnerabilities

When establishing a network connection, WinXP Remote Desktop sends the user name in plaintext to the client connected to it. The user name sent can be the user name of the remote host or a common user name on the client. A network sniffer may capture this account information.

Security Countermeasure: click Control Panel/System/Remote and clear "allow users to remotely connect to this computer" to stop using Remote Desktop.

5. "Help and Support Center" Vulnerability

Windows XP has a "Help and Support Center" function. When users are connected to the Internet, hackers can exploit a security defect in the code that sends new hardware information to Microsoft. Through a link in a webpage or an HTML-format email, attackers can remotely access machines with this vulnerability and open or delete files on them.

Security Countermeasure: download and install the patch from Microsoft's website, or install Windows XP SP1 released by Microsoft. WinXP SP1 can be downloaded or purchased from Microsoft's website.
