SANS Top-20 Internet Security Attack Targets: Windows Libraries Attack Vectors (2/2)  
Author: Max : 2006/11/20
Windows Libraries Attack Vectors 

W2.2. Operating Systems Affected
Windows NT, Windows 2000, Windows XP, Windows 2003

W2.3. CVE Entries
CVE-2005-4560, CVE-2006-0010, CVE-2006-0012, CVE-2006-2376, CVE-2006-2766, CVE-2006-3086, CVE-2006-3357, CVE-2006-3438, CVE-2006-3730, CVE-2006-4868

W2.4. How to Determine If You Are at Risk


  • Use any vulnerability scanner to check whether your systems are patched against these vulnerabilities. You can also consider using the Microsoft Windows Server Update Services (WSUS), Microsoft Baseline Security Analyzer (MBSA), Windows Live Scanner or Systems Management Server (SMS) to check the security patch status of your systems.

  • You can also verify the presence of a patch by checking the registry key mentioned in the Registry Key Verification section of the corresponding security advisory. Additionally, it is advisable to also make sure the updated file versions mentioned in the advisory are installed on the system.
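The file-version check in the last item is easy to get wrong when versions are compared as text. The following is an added example, not part of the original advisory: it compares an inventory of installed versions against the minimum versions an advisory lists, numerically and with case-insensitive file names. The file names and version numbers are constructed placeholders, and it assumes all versions come from the same service-pack branch.

```python
# Added example: audit installed file versions against the minimum fixed
# versions from a security bulletin. File names and versions are
# constructed placeholders, not values from any real advisory.

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of four ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(required, installed):
    """Return {file: 'ok' | 'outdated' | 'missing' | 'unparseable'}."""
    # Windows file names are case-insensitive, so normalise the inventory.
    inventory = {name.lower(): ver for name, ver in installed.items()}
    report = {}
    for name, minimum in required.items():
        found = inventory.get(name.lower())
        if found is None:
            report[name] = "missing"
            continue
        try:
            current = parse_version(found)
        except ValueError:
            report[name] = "unparseable"
            continue
        report[name] = "ok" if current >= parse_version(minimum) else "outdated"
    return report

# Constructed sample data (placeholders).
REQUIRED = {
    "example1.dll": "5.1.2600.2180",
    "example2.dll": "6.0.2900.2900",
    "example3.dll": "5.1.2600.1000",
}
INSTALLED = {
    "EXAMPLE1.DLL": "5.1.2600.900",   # as text this sorts above .2180
    "example2.dll": "6.0.2900.3000",
}

if __name__ == "__main__":
    for name, status in audit(REQUIRED, INSTALLED).items():
        print(f"{name}: {status}")
```

A plain string comparison would report `5.1.2600.900` as newer than `5.1.2600.2180`, marking an unpatched file as patched.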



W2.5. How to Protect against These Vulnerabilities


  • Ensure that your Windows systems have all the latest security patches installed.

  • Block the ports 135-139/tcp, 445/tcp and other ports used by Windows systems at the network perimeter. This prevents a remote attacker from exploiting the vulnerabilities via shared file systems.

  • Use TCP/IP Filtering available in Windows 2000 and XP, Windows Firewall in Windows XP systems or any third-party personal firewall to block inbound access to the affected ports. The firewall must be properly configured to block external attacks effectively.

  • Intrusion Prevention/Detection Systems as well as anti-virus and malware detection software are very helpful in providing additional protection from malware and exploits that target these vulnerabilities.

  • If you are running third-party applications on customized Windows 2000/XP platforms, ensure that an appropriate patch from the vendor has been applied.

  • Follow the principle of "Least Privilege" to keep worms and Trojans from gaining a foothold on any system. Further details about limiting access to certain registry keys, executables and directories are available in the NSA guides at http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1.

  • Use system hardening guidelines (such as those from CISecurity) to make systems more resistant to remote and local attacks.

  • Keep up-to-date on Microsoft security news and patches (http://www.microsoft.com/security/default.mspx).

  • Due to the large number of attack vectors, be vigilant when receiving attachments in unsolicited emails and when browsing unknown websites. Do not click on unsolicited links received in emails, instant messages, web forums, or internet relay chat (IRC) channels.

  • Windows NT is no longer supported. Users should upgrade to Windows XP/2003.
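A perimeter rule set can appear to block 135-139/tcp and 445/tcp while an earlier or broader rule still lets them through. The following is an added example, not part of the original advisory: it walks a rule list with first-match semantics and reports which of those ports an allow rule exposes. The rule tuple format, the implicit default deny and the sample rules are assumptions made for illustration.

```python
# Added example: find which of the ports this section says to block are
# still allowed inbound by a first-match rule list. The rule format
# (action, protocol, low_port, high_port) is a simplified, hypothetical
# model, and the rules below are constructed sample data.

BLOCKED_TCP = list(range(135, 140)) + [445]   # 135-139/tcp and 445/tcp

def first_match(rules, proto, port):
    """Return (rule index, action) of the first rule matching proto/port."""
    for index, (action, rule_proto, low, high) in enumerate(rules):
        if rule_proto in (proto, "any") and low <= port <= high:
            return index, action
    return None, "deny"   # assumption: implicit default deny

def exposed_ports(rules):
    """Return {port: index of the allow rule that lets it through}."""
    exposed = {}
    for port in BLOCKED_TCP:
        index, action = first_match(rules, "tcp", port)
        if action == "allow":
            exposed[port] = index
    return exposed

# Constructed rule set with two common mistakes.
RULES = [
    ("deny",  "tcp", 135, 138),   # range stops one port short of 139
    ("allow", "tcp", 80, 80),
    ("allow", "any", 100, 200),   # broad range that also covers 139
    ("allow", "tcp", 443, 445),   # shadows the deny rule that follows
    ("deny",  "tcp", 445, 445),
]

# Corrected ordering: explicit denies for the full ranges come first.
HARDENED = [("deny", "tcp", 135, 139), ("deny", "tcp", 445, 445)] + RULES

if __name__ == "__main__":
    print("original:", exposed_ports(RULES))
    print("hardened:", exposed_ports(HARDENED))
```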



W2.6. References

Vulnerability in Windows Explorer Could Allow Remote Execution
http://www.microsoft.com/technet/security/Bulletin/MS06-057.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx

Vulnerability in Vector Markup Language Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS06-050.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx

Vulnerability in HTML Help Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS06-046.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-026.asp
http://www.microsoft.com/technet/security/bulletin/MS05-001.asp

Vulnerability in Microsoft Windows Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS06-043.asp

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS06-026.asp
http://www.microsoft.com/technet/security/bulletin/MS06-001.asp
http://www.microsoft.com/technet/security/bulletin/MS05-053.asp

Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS06-002.asp

