Thursday, September 09, 2010

Top 10 Windows Vulnerabilities

By understanding Windows-based vulnerabilities, organizations can stay a step ahead and ensure information availability, integrity, and confidentiality. Listed below are the Top 10 Windows Vulnerabilities:
  1. Web Servers - misconfigurations, product bugs, default installations, and third-party products such as PHP can introduce vulnerabilities.
  2. Microsoft SQL Server - vulnerabilities allow remote attackers to obtain sensitive information, alter database content, and compromise SQL servers and server hosts.
  3. Passwords - user accounts may have weak, nonexistent, or unprotected passwords. The operating system or third-party applications may create accounts with weak or nonexistent passwords.
  4. Workstations - requests to access resources such as files and printers that are handled without any bounds checking can lead to vulnerabilities. The resulting overflows can be exploited by an unauthenticated remote attacker to execute code on the vulnerable device.
  5. Remote Access - users can unknowingly open their systems to hackers when they allow remote access to their systems.
  6. Browsers - accessing cloud computing services puts an organization at risk when users have unpatched browsers. Browser features such as ActiveX and Active Scripting can bypass security controls.
  7. File Sharing - peer-to-peer vulnerabilities include technical vulnerabilities, social media, and altering or masquerading content.
  8. E-mail - by opening a message, a recipient can activate security threats such as viruses, spyware, Trojan horse programs, and worms.
  9. Instant Messaging - vulnerabilities typically arise from outdated ActiveX controls in MSN Messenger, Yahoo! Voice Chat, buffer overflows, and others.
  10. USB Devices - plug and play devices can create risks when they are automatically recognized and immediately accessible by Windows operating systems.
Security assessments help organizations identify, manage, and reduce their risks.
