The Vulnerabilities Of Windows Operating Systems

The family of Windows operating systems supports a wide variety of services, networking methods and technologies. Many of these components are implemented as Service Control Programs under the control of Service Control Manager, which runs as services.exe. Vulnerabilities in these services that implement these Operating System functionalities are one of the most common avenues for exploitation in computer hacking.

Remotely exploitable buffer overflow vulnerabilities continue to be the number one issue that affects Windows services. Several of the core system services provide remote interfaces to client components through Remote Procedure Calls . Windows also contains several services which implement network interfaces based on a variety of other protocols, including several Internet standards. Many of these services can be exploited via anonymous sessions.

Earlier versions of the operating system, especially Windows NT and Windows 2000, enabled many of these services by default for better out of the box experience. These non essential services increase the exploit surface significantly. Information security training courses will equip you protect your technologies against all types of computer hacking.

You can also verify the presence of a patch by checking the registry key mentioned in the Registry Key Verification section of the corresponding security advisory. Additionally, it is advisable to also make sure the updated file versions mentioned in the advisory are installed on the system. To check if your system is vulnerable to an issue in an optional service, you need to determine if the service is enabled. This can be done through the Service Manager interface, which can be invoked from the Start-Run menu. Keep the systems updated with all the latest patches and service packs. If possible enable Automatic Updates on all systems.

Use Intrusion Detection Systems to prevent or detect attacks exploiting these vulnerabilities. Determine if the vulnerability exists in a non essential component that can be removed. Please take caution when determining this as it could break functionality if there is other software that depends on this. In some cases, exposure to the vulnerability could be removed by disabling the corresponding service. For example License Logging Service could be disabled in many environments. Type services.msc in the start-run menu to invoke the service manager interface. Locate the required service and right click after highlighting it. Invoke the properties option in the pop-up menu. The Startup Type of the service can be modified to disable the respective service.

In some cases, null session access to the vulnerable interface could be removed as a work-around. It is a good practice to review your current Restrict Anonymous settings and keep it as stringent as possible based on your environment. It is also a good practice to block inbound RPC requests from the Internet to ports above 1024 to block attacks to other RPC based vulnerabilities using firewalls. It is highly advisable to upgrade to these service packs and enable the Windows firewall.