Top-Rated Free Essay
Preview

Intro To IT Security Unit 2 Assignment 2 Microsoft Environment Analysis

Powerful Essays
537 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Intro To IT Security Unit 2 Assignment 2 Microsoft Environment Analysis
Eric Worth
12/18/14
Intro to Information Security NT2580
Unit 2 – Assignment 2 – Microsoft Environment Analysis
Go through the archive of Microsoft Security Advisories on the following link: http://www.microsoft.com/technet/security/advisory/archive.mspx Answer the following questions based on the advisories for the past 12 months: Questions:
1. What vulnerabilities exist for this workgroup LAN based on the advisories? List five of them.
2. Do any vulnerabilities involve privilege elevation? Is this considered a high-priority issue?
3. Identify and document at least three vulnerabilities and the solutions related to the client configurations.
Answers:
1. The five vulnerabilities for this workgroup LAN are based on the Microsoft Security Advisories. The numbers are as follows:
a. Advisory # 2846338 – Vulnerability in Microsoft malware protection engine could allow remote code execution. This number involves privilege elevation.
b. Advisory # 2719662 – Vulnerabilities in gadgets could allow remote code execution.
c. Advisory #2854544 – Updates to improve crytograghy and digital certificate handling in Windows.
d. Advisory # 2755801 – Update for vulnerabilities in Adobe flash player in Internet Explorer.
e. Advisory # 2877140 – Vulnerability in Internet Explorer could allow remote code execution.

2. Yes

3. Advisory # 2719662 - Solution Microsoft is announcing the availability of an automated Microsoft fix it solution that disables Windows sidebar and gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows sidebar and gadgets can help protect customers from potential attacks that leverage gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage gadgets to execute arbitrary code: Microsoft is aware that some legitimate gadgets running in Windows sidebar could contain vulnerabilities. An attacker who successfully exploited a gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could create a malicious gadget and then trick a user into installing the malicious gadget. Once installed, the malicious gadget could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. In addition, gadgets can access your computer's files, show you objectionable content, or change their behavior at any time. Gadgets could also potentially harm your computer. Recommendation: Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Microsoft fix it solution as soon as possible.
Advisory # 977981 - Solution This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Advisory # 979352 - Solution Solution: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

You May Also Find These Documents Helpful

  • Satisfactory Essays

    -In reference to previous network plan U1A1 a firewall will be in place in the LAN/WAN Domain & System/Application Domain to protect internal network from potential external threats.…

    • 565 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    NT2580 Project Part 1

    • 348 Words
    • 1 Page

    Access to the company network will be secured by multiple firewalls set up with our routers. Firewall filters will be set up with a specific list of allowed users and programs. All other traffic will be blocked by default until it has been approved by IT. There will be a limited number of wireless access points around the building, with password access. These passwords will be changed on a regular basis. Access to the local network will be secured by user authentication passwords. Users will be limited to only the system resources that they absolutely need to complete their work. Users’ passwords must be changed every 90 days.…

    • 348 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    ISSC362 Week 2

    • 645 Words
    • 3 Pages

    Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server?…

    • 645 Words
    • 3 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Is3110 Week2 Assignment

    • 348 Words
    • 2 Pages

    For this assignment, imagine that you work for U.S. Industries, Inc. as a network administrator. Your…

    • 348 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Nt1330 Unit 1 Case Study

    • 825 Words
    • 4 Pages

    When configuring windows networking, two major approaches are valid to secure all the network resources, the workgroup approach and the Domain approach. The workgroup approach is simply to create a windows peer-to-peer network with a decentralized security system. This workgroup security approach…

    • 825 Words
    • 4 Pages
    Good Essays
  • Best Essays

    Aircraft Solutions Project

    • 2440 Words
    • 10 Pages

    The purpose of the report is to assist Aircraft Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their hardware assets and defining security policy regarding the timeliness of firewall configuration and updates.…

    • 2440 Words
    • 10 Pages
    Best Essays
  • Satisfactory Essays

    One common vulnerability is the lack of or outdated antivirus software. We get the popup alerts and click it away, because that alert is so annoying. But what must be realized is that annoying popup is a warning alert telling the user that the local workstation or network has a weakness that needs to be addressed.…

    • 167 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    IT255 Project 1

    • 663 Words
    • 2 Pages

    A priority to the LAN domain is proper security of physical equipment. Only authorized personnel are allowed to gain access into...…

    • 663 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Answer: 2846338 involves privilege elevation, Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority.…

    • 290 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    Windows of Vulnerability is defined as the ability to attack something that is at risk. Hackers search and pride themselves on finding vulnerabilities or creating their own within a system. A few examples of vulnerabilities that will be covered in this paper are CodeRed, Spida, Slammer, Lovesan, and Sasser.…

    • 499 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    The list below contains the findings, weaknesses, or vulnerabilities discovered during the site security assessment. Some of the issues listed here are coalesced from more than one section of the assessment…

    • 2011 Words
    • 10 Pages
    Powerful Essays
  • Good Essays

    Lab 7

    • 928 Words
    • 3 Pages

    1. What are some common risks, threats, and vulnerabilities commonly found in the LAN-to-WAN Domain that must be mitigated through a layered security strategy?…

    • 928 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Lab 4 MBSA Scan IT1400

    • 527 Words
    • 3 Pages

    Result: The Automatic Updates feature has not been configured on this computer. Please upgrade to the latest…

    • 527 Words
    • 3 Pages
    Satisfactory Essays
  • Better Essays

    Technical Paper

    • 2498 Words
    • 10 Pages

    and enable those subscribers to call subscribers on the incumbent‘s network. (Blackman & Srivastava, 2011) GFI’s successful communication with their customers is required in order to conduct…

    • 2498 Words
    • 10 Pages
    Better Essays
  • Powerful Essays

    the top 5 malwares

    • 3607 Words
    • 15 Pages

    _____ “Computer-virus threats on the rise “. The Manila Bulletin. (December 05, 1999) XIII (296): 16…

    • 3607 Words
    • 15 Pages
    Powerful Essays