Vulnerabilities in operating systems. Part II



    There is no bad without good, and no good without bad. Every barrel of honey has its fly in the ointment. Folk wisdom, aphorisms and quotations about the flaws present in everything are plentiful. Today we continue studying flaws, or rather vulnerabilities, of various operating systems. This is the second part of the "OS vulnerabilities" series; the first part is here ( link to part I ). Today we look at the problem areas of several members of the Windows family and of its eternal rival, macOS.

    But first, a reminder of why exactly these OSs are being considered today, how the vulnerabilities were selected, and what data about them the tables contain (there are quite a few tables below).

    In this part we study the second five operating systems from the table below (marked with *). The columns give the number of vulnerabilities recorded for 2017, for 2016, and for the whole period covered by the statistics:

    OS name               | Manufacturer     | 2017 | 2016 | All time
    ----------------------+------------------+------+------+---------
    Android               | Google           |  666 |  523 |     1357
    Linux kernel          | Linux            |  381 |  217 |     1921
    iPhone OS             | Apple            |  293 |  161 |     1277
    Windows 10            | Microsoft        |  226 |  172 |      451
    Windows Server 2016   | Microsoft        |  212 |   39 |      251
    Windows Server 2008 * | Microsoft        |  212 |  133 |      981
    Mac OS X *            | Apple            |  210 |  215 |     1888
    Windows Server 2012 * | Microsoft        |  201 |  156 |      606
    Windows 7 *           | Microsoft        |  197 |  134 |      838
    Windows 8.1 *         | Microsoft        |  192 |  154 |      542
    Windows RT 8.1        | Microsoft        |  124 |  139 |      438
    Debian Linux          | Debian           |   95 |  327 |     1029
    Fedora                | Fedora Project   |   84 |  120 |      441
    Ubuntu Linux          | Canonical        |   66 |  279 |      867
    watchOS               | Apple            |   65 |   77 |      231
    Windows Vista         | Microsoft        |   64 |  125 |      814
    openSUSE              | openSUSE Project |   58 |    5 |      119
    Leap                  | openSUSE Project |   57 |    2 |       60
    Leap                  | Novell           |   48 |  260 |      349
    Xen                   | Xen              |   44 |   28 |      228

    On the choice of vulnerabilities for closer examination (this was already explained in the previous part, so it is hidden under a spoiler to keep the text short):
    Some of the vulnerabilities found in a given OS deserve a closer look. The CVE Details portal shows a score for each of them; the score depends on the severity of the damage and on how widely the flaw is exposed, with a maximum of 10 points. It is these vulnerabilities (where they exist and are distinct) that are discussed below. So that this article does not turn into the collected works of Lenin, only three vulnerabilities are shown from each list, which may contain hundreds.

    On the structure of the data in the tables (also explained in the previous part, hidden under a spoiler):
    Description of tables

    The tables for each vulnerability type list some additional parameters of the particular vulnerability. These are the CVSS v2 base metrics as reported by CVE Details, which is also where the 10-point maximum comes from. In more detail:

    Impact on

    1) confidentiality:

    • Full - the vulnerability gives the attacker access to all information on the device;
    • Partial - significant disclosure of information;
    • None - confidentiality is not affected;

    2) integrity:

    • Full - the integrity of the system is completely compromised, with a total loss of system protection;
    • Partial - some system files or information can be modified, but the attacker does not control what can be changed;
    • None - no impact on the integrity of the system;

    3) availability:

    • Full - the vulnerability lets the attacker completely block access to the resource;
    • Partial - reduced performance or intermittent availability of the resource;
    • None - no impact on the availability of the system;

    Access difficulty (access complexity)

    • Low - no special conditions are required to gain access, and no specific knowledge or skills are needed;
    • Medium - some conditions must be met in order to gain access;
    • High - special access conditions exist that limit exploitation;

    Authentication

    • Not required - no authentication is needed to exploit the vulnerability;
    • Single system - the attacker must be logged in to the system (for example, via the command line, a desktop session or a web interface).


    1. Windows Server 2008




    Windows Server 2008 is a Microsoft server operating system released on February 27, 2008. It was the first server OS of the Vista generation. Replacing Windows Server 2003, it brought many new features, including improved security mechanisms. Today this once-revolutionary server OS is no longer supported on modern hardware; the era of the 2012 and 2016 versions has arrived.



    DoS

    Out of 125 vulnerabilities, 4 scored 10 points.

    Vulnerability No. 1

    The SMB client in Microsoft Windows Server 2008 R2 did not properly validate fields in SMB transaction responses, which allowed remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a DoS via a crafted SMBv1 or SMBv2 response.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    A crafted print job submitted to the Print Spooler service could cause a DoS.


    Table of vulnerabilities of the DoS category in Windows Server 2008 OS

    Bypass something

    Out of 61 vulnerabilities, only one scored 10 points.

    Vulnerability No. 1 (10)

    IAS did not properly validate credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allowed remote attackers to gain access to network resources via a malformed request.

    IAS (Internet Authentication Service) is the Windows Server component that implements a RADIUS server: it centrally authenticates, authorizes and accounts for network access requests (VPN, dial-up, wireless).

    Vulnerability No. 2 (9.3)

    ATL did not properly restrict the use of OleLoadFromStream when instantiating objects from data streams, which allowed remote attackers to execute arbitrary code via a crafted HTML document containing an ATL component, or to bypass security mechanisms.

    ATL (Active Template Library) is a set of C++ template classes that simplify writing COM components.

    Vulnerability No. 3 (9.3)

    Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7 and 8 did not prevent rendering of local non-HTML files as HTML documents, which allowed remote attackers to bypass access restrictions and read arbitrary files, including by exploiting the use of text/html as the default content type for files encountered after a redirect.


    Table of vulnerabilities in the "Bypass something" category in Windows Server 2008

    Code execution

    Out of 302 vulnerabilities, 37 scored 10 points.

    Vulnerability No. 1

    Windows Search handled objects in memory incorrectly, which gave an attacker full control of the system.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    The Windows DNS client (DNSAPI) did not handle DNS responses correctly, which allowed remote code execution.


    Table of vulnerabilities in the "Code execution" category in Windows Server 2008

    Memory corruption

    Total - 69. 10 points - 4.

    Vulnerability No. 1

    The SMB client in Microsoft Windows Server 2008 R2 did not properly validate fields in SMB transaction responses, which allowed remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a DoS (memory corruption) via a crafted SMBv1 or SMBv2 response.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    A crafted print job submitted to the Print Spooler service could corrupt memory.


    Table of vulnerabilities in the "Memory corruption" category in Windows Server 2008

    Access to information

    Total - 176. 10 points - 0.

    Vulnerability No. 1 (7.2)

    Kernel-mode drivers allowed a local authenticated user to obtain information via a crafted application.

    Vulnerability No. 2 (6.8)

    The Group Policy implementation did not properly distribute passwords, which allowed credentials, and thereby privileges, to be obtained by leveraging access to SYSVOL.

    SYSVOL (System Volume) is the shared folder present on every domain controller that holds the domain's public files (Group Policy templates, logon scripts and the like); it is replicated between domain controllers and readable by every domain user.

    Vulnerability No. 3 (6.6)

    win32k.sys in the kernel-mode drivers allowed local users to obtain information from kernel memory via a crafted application.


    Table of vulnerabilities in the "Access to information" category in Windows Server 2008

    Privilege escalation

    Total - 359. 10 points - 2.

    Vulnerability No. 1 (10)

    Kernel-mode drivers allowed privileges to be gained via a crafted application.

    Vulnerability No. 2 (10)

    The Graphics component in the kernel allowed a local user to gain privileges via a crafted application.

    Vulnerability No. 3 (9.3)

    A race condition in the SMB client implementation allowed remote SMB servers to gain privileges via a crafted SMB Negotiate response.


    Table of vulnerabilities in the "Privilege escalation" category in Windows Server 2008

    Overflow

    Out of 139 vulnerabilities, 9 scored the maximum.

    Vulnerability No. 1

    A crafted print job submitted to the Print Spooler service could trigger an overflow.

    Vulnerability No. 2

    The DSA_InsertItem function in Comctl32.dll allocated memory incorrectly, which allowed remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application.

    Vulnerability No. 3

    A buffer overflow in the Telnet service allowed arbitrary code execution via crafted packets.


    Table of vulnerabilities in the "Overflow" category in Windows Server 2008

    2. Mac Os X




    Mac OS X is Apple's operating system. Its public beta appeared in 2000 and the first release followed in 2001. Until 2012 it was called Mac OS X, then OS X, and since 2016 macOS. According to various estimates, which are very hard to verify, macOS holds about 5% of the market; most of the market naturally belongs to the various Windows versions, with Windows 7 alone above 25%.

    The total number of recorded vulnerabilities, collected between 1999 and 2017, is 1888.



    DoS

    Out of 891 vulnerabilities, 47 scored 10 points.

    Vulnerability No. 1

    ImageIO allowed remote attackers to execute arbitrary code or cause a DoS via crafted xStride and yStride values in an EXR image.

    Vulnerability No. 2

    libxml2 allowed remote attackers to execute arbitrary code or cause a DoS via a crafted XML document.

    Vulnerability No. 3

    Audio in OS X before 10.12 allowed remote attackers to execute arbitrary code or cause a DoS via unspecified vectors.


    Table of vulnerabilities in the DoS category in macOS

    Bypass something

    Total - 176. 10 points - 21.

    Vulnerability No. 1

    Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 allowed attackers to bypass restrictions on JavaScript API execution via unspecified vectors.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    The File Bookmark component in OS X before 10.11.2 allowed the sandbox protection for app-scoped bookmarks to be bypassed via a crafted pathname.


    Table of vulnerabilities in the "Bypass something" category in macOS

    Code execution

    Total - 843. 10 points - 83.

    Vulnerability No. 1

    ImageIO allowed remote attackers to execute arbitrary code or cause a DoS via crafted xStride and yStride values in an EXR image.

    Vulnerability No. 2

    libxml2 allowed remote attackers to execute arbitrary code or cause a DoS via a crafted XML document.

    Vulnerability No. 3

    Audio in OS X before 10.12 allowed remote attackers to execute arbitrary code or cause a DoS via unspecified vectors.


    Table of vulnerabilities in the "Code execution" category in macOS

    Memory corruption

    Total - 425. 10 points - 26.

    Vulnerability No. 1

    ImageIO allowed remote attackers to execute arbitrary code or cause a DoS via crafted xStride and yStride values in an EXR image.

    Vulnerability No. 2

    libxml2 allowed remote attackers to execute arbitrary code or cause a DoS via a crafted XML document.

    Vulnerability No. 3

    Audio in OS X before 10.12 allowed remote attackers to execute arbitrary code or cause a DoS via unspecified vectors.


    Table of vulnerabilities in the "Memory corruption" category in macOS

    Access to information

    Total - 230. 10 points - 0.

    Vulnerability No. 1 (9.4)

    Quick Look did not prevent plug-ins from making network requests while previewing an HTML file, which could lead to information disclosure.

    Vulnerability No. 2 (9.3)

    Login Window allowed a crafted application to obtain information, execute arbitrary code or cause a DoS.

    Vulnerability No. 3 (9.3)

    Same description as No. 2 (a separate entry on CVE Details).


    Table of vulnerabilities in the "Access to information" category in macOS

    Privilege escalation

    Out of 161 vulnerabilities, 5 scored 10 points.

    Vulnerability No. 1

    Graphics Drivers allowed privileges to be gained via a crafted 32-bit executable file.

    Vulnerability No. 2

    fontd in Apple Type Services (ATS) allowed local users to gain privileges via unspecified vectors.

    Vulnerability No. 3

    The kernel allowed local users to gain privileges via unspecified vectors.


    Table of vulnerabilities in the "Privilege escalation" category in macOS

    Overflow

    Total - 691. 10 points - 45.

    Vulnerability No. 1

    ImageIO allowed remote attackers to execute arbitrary code or cause a DoS via crafted xStride and yStride values in an EXR image.

    Vulnerability No. 2

    libxml2 allowed remote attackers to execute arbitrary code or cause a DoS via a crafted XML document.

    Vulnerability No. 3

    Audio in OS X before 10.12 allowed remote attackers to execute arbitrary code or cause a DoS via unspecified vectors.


    Table of vulnerabilities in the "Overflow" category in macOS

    The data above can be interpreted in different ways, but it is worth staying objective. For example, "Access to information" has 230 vulnerabilities, yet none of them is rated as critical, which suggests a decent level of data protection. Of course, an OS cannot be judged on the number of vulnerabilities alone; how many of them were actually exploited matters just as much.

    3. Windows Server 2012




    Windows Server 2012 is Microsoft's server operating system, released on September 4, 2012. A fairly young and popular server OS, it introduced Dynamic Access Control, a claims-based, centrally managed access control for files and folders that strengthens the protection of file servers at the domain level.



    DoS

    Total - 68. 10 points - 0.

    Vulnerability No. 1 (9.3)

    usp10.dll in Uniscribe allowed remote attackers to execute arbitrary code or cause a DoS via a crafted font file containing an EMF+ record.

    Vulnerability No. 2 (9.3)

    MSXML 3.0 allowed a DoS via crafted XML content.

    MSXML - Microsoft XML Core Services.

    Vulnerability No. 3 (9.3)

    atmfd.dll (the Adobe Type Manager font driver) allowed remote attackers to cause a DoS via a crafted OpenType font.


    Table of vulnerabilities in the DoS category in Windows Server 2012

    Bypass something

    Total - 62. 10 points - 0.

    Vulnerability No. 1 (9.3)

    The OS allowed an attacker to bypass the application sandbox and perform registry operations via a crafted application.

    Vulnerability No. 2 (9.3)

    The OS allowed an attacker to bypass the application sandbox and perform file system operations via a crafted application.

    Vulnerability No. 3 (7.6)

    The OS did not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allowed an attacker to bypass access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard and then load a crafted application.


    Table of vulnerabilities in the "Bypass something" category in Windows Server 2012

    Code execution

    Total - 167. 10 points - 12.

    Vulnerability No. 1

    Windows Search handled objects in memory incorrectly, which allowed an attacker to take control of the system remotely.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    The Windows DNS client did not handle DNS responses correctly, which allowed remote execution of arbitrary code.


    Table of vulnerabilities in the "Code execution" category in Windows Server 2012

    Memory corruption

    Total - 26. 10 points - 0.

    Vulnerability No. 1 (9.3)

    Animation Manager allowed remote attackers to execute arbitrary code via a crafted website.

    Vulnerability No. 2 (9.3)

    Media Foundation allowed remote attackers to execute arbitrary code via a crafted website.

    Vulnerability No. 3 (9.3)

    An overflow in the iSNS Server service could be triggered by remote attackers via crafted requests.


    Table of vulnerabilities in the "Memory corruption" category in Windows Server 2012

    Access to information

    Total - 159. 10 points - 0.

    Vulnerability No. 1 (7.2)

    Kernel-mode drivers allowed a local authenticated user to obtain information via a crafted application.

    Vulnerability No. 2 (6.8)

    The Group Policy implementation did not properly distribute passwords, which allowed credentials, and thereby privileges, to be obtained by leveraging access to SYSVOL.

    Vulnerability No. 3 (6.6)

    win32k.sys in the kernel-mode drivers allowed local users to obtain information from kernel memory via a crafted application.


    Table of vulnerabilities in the "Access to information" category in Windows Server 2012

    Privilege escalation

    Total - 186. 10 points - 2.

    Vulnerability No. 1 (10)

    Kernel-mode drivers allowed privileges to be gained via a crafted application.

    Vulnerability No. 2 (10)

    The Graphics component in the OS kernel allowed local users to gain privileges via a crafted application.

    Vulnerability No. 3 (9.3)

    An overflow in Windows Shell allowed local users to gain privileges via a crafted briefcase.

    Briefcase is the Windows feature for keeping copies of files on several computers synchronized.


    Table of vulnerabilities in the "Privilege escalation" category in Windows Server 2012

    Overflow

    Total - 72. 10 points - 3.

    Vulnerability No. 1

    Kernel-mode drivers did not properly handle objects in memory, which allowed remote attackers to execute arbitrary code via a crafted TrueType font file.

    Vulnerability No. 2

    The DSA_InsertItem function in Comctl32.dll allocated memory incorrectly, which allowed remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application.

    Vulnerability No. 3

    A buffer overflow in the Telnet service allowed arbitrary code execution via crafted packets.


    Table of vulnerabilities in the "Overflow" category in Windows Server 2012

    Privilege escalation was the most numerous category (186 entries), but only two of those received the maximum score. With its improved security mechanisms, Windows Server 2012 proved a worthy replacement for Windows Server 2008.

    4. Windows 7




    Windows 7 is a client operating system of the Windows NT family, released on October 22, 2009. A newer member of the family, Windows 10, already exists and is gaining ground, but despite that "seven" still leads in popularity with about 25% of the market. Among Windows versions alone (including 8 and 10), Windows 7 accounts for about 40%.



    DoS

    Total - 90. 10 points - 3.

    Vulnerability No. 1

    The SMB client did not properly validate fields in SMB transaction responses, which allowed remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a DoS via a crafted SMBv1 or SMBv2 response.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    A crafted print job submitted to the Print Spooler service could cause a DoS.


    Table of vulnerabilities in the DoS category in Windows 7

    Bypass something

    Total - 56. 10 points - 0.

    Vulnerability No. 1 (9.3)

    When the Japanese IME (IMJPDCT.EXE) was installed, the OS allowed remote attackers to bypass a sandbox protection mechanism via a crafted PDF document.

    Vulnerability No. 2 (9.3)

    The OS allowed an attacker to bypass the application sandbox and perform registry operations via a crafted application.

    Vulnerability No. 3 (9.3)

    The OS allowed an attacker to bypass the application sandbox and perform file system operations via a crafted application.


    Table of vulnerabilities in the "Bypass something" category in Windows 7

    Code execution

    Total - 237. 10 points - 23.

    Vulnerability No. 1

    Windows Search handled objects in memory incorrectly, which allowed remote execution of arbitrary code.

    Vulnerability No. 2

    The Windows DNS client did not handle DNS responses correctly, which allowed remote code execution.

    Vulnerability No. 3

    Microsoft .NET Framework 1.0 SP3, 1.1 SP1 and 2.0 SP1 did not properly validate .NET code, which allowed remote attackers to access the memory stack and execute arbitrary code via a crafted XAML browser application (XBAP), ASP.NET application or .NET Framework application.


    Table of vulnerabilities in the "Code execution" category in Windows 7

    Memory corruption

    Total - 49. 10 points - 3.

    Vulnerability No. 1

    The SMB client in Windows 7 (and Windows Server 2008 R2) did not properly validate fields in SMB transaction responses, which allowed remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a DoS (memory corruption) via a crafted SMBv1 or SMBv2 response.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    A crafted print job submitted to the Print Spooler service could corrupt memory.


    Table of vulnerabilities in the "Memory corruption" category in Windows 7

    Access to information

    Total - 173. 10 points - 0.

    Vulnerability No. 1 (7.2)

    Kernel-mode drivers allowed a local authenticated user to obtain information via a crafted application.

    Vulnerability No. 2 (6.8)

    The Group Policy implementation did not properly distribute passwords, which allowed credentials, and thereby privileges, to be obtained by leveraging access to SYSVOL.

    Vulnerability No. 3 (6.6)

    win32k.sys in the kernel-mode drivers allowed local users to obtain information from kernel memory via a crafted application.


    Table of vulnerabilities in the "Access to information" category in Windows 7

    Privilege escalation

    Total - 333. 10 points - 2.

    Vulnerability No. 1 (10)

    Kernel-mode drivers allowed local users to gain privileges via a crafted application.

    Vulnerability No. 2 (10)

    The Graphics component in the OS kernel allowed local users to gain privileges via a crafted application.

    Vulnerability No. 3 (9.3)

    A race condition in the SMB client implementation allowed remote SMB servers to gain privileges via a crafted SMB Negotiate response.


    Table of vulnerabilities in the "Privilege escalation" category in Windows 7

    Overflow

    Total - 110. 10 points - 6.

    Vulnerability No. 1

    A crafted print job submitted to the Print Spooler service could trigger an overflow.

    Vulnerability No. 2

    The DSA_InsertItem function in Comctl32.dll allocated memory incorrectly, which allowed remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application.

    Vulnerability No. 3

    A buffer overflow in the Telnet service allowed arbitrary code execution via crafted packets.


    Table of vulnerabilities in the "Overflow" category in Windows 7

    It is largely thanks to its relatively few critical flaws that Windows 7 has earned such popularity among users. Vulnerabilities remain, and there are many of them, but their impact on the operation of the system cannot be called significant.

    5. Windows 8.1




    Windows 8.1 is a client operating system of the Windows NT family, released on October 17, 2013. It is the transitional version between Windows 8 and Windows 10.



    DoS

    Total - 52. 10 points - 0.

    Vulnerability No. 1 (9.3)

    usp10.dll in Uniscribe allowed remote attackers to execute arbitrary code or cause a DoS via a crafted font file containing an EMF+ record.

    Vulnerability No. 2 (9.3)

    MSXML 3.0 allowed a DoS via crafted XML content.

    Vulnerability No. 3 (9.3)

    atmfd.dll (the Adobe Type Manager font driver) allowed remote attackers to cause a DoS via a crafted OpenType font.


    Table of vulnerabilities in the DoS category in Windows 8.1

    Bypass something

    Total - 56. 10 points - 0.

    Vulnerability No. 1 (9.3)

    The OS allowed an attacker to bypass the application sandbox and perform registry operations via a crafted application.

    Vulnerability No. 2 (9.3)

    The OS allowed an attacker to bypass the application sandbox and perform file system operations via a crafted application.

    Vulnerability No. 3 (7.6)

    The OS did not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allowed an attacker to bypass access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard and then load a crafted application.


    Table of vulnerabilities in the "Bypass something" category in Windows 8.1

    Code execution

    Out of 155 vulnerabilities, only 7 scored 10 points.

    Vulnerability No. 1

    Windows Search handled objects in memory incorrectly, which allowed an attacker to take control of the system.

    Vulnerability No. 2

    Same description as No. 1 (a separate entry on CVE Details).

    Vulnerability No. 3

    The Windows DNS client did not handle DNS responses correctly, which allowed remote execution of arbitrary code.


    Table of vulnerabilities in the "Code execution" category in Windows 8.1

    Memory corruption

    Total - 24. 10 points - 0.

    Vulnerability No. 1 (9.3)

    The Imaging component allowed remote attackers to execute arbitrary code via a crafted document.

    Vulnerability No. 2 (9.3)

    Animation Manager allowed remote attackers to execute arbitrary code via a crafted website.

    Vulnerability No. 3 (9.3)

    Media Foundation allowed remote attackers to execute arbitrary code via a crafted website.


    Table of vulnerabilities in the "Memory corruption" category in Windows 8.1

    Access to information

    Total - 152. 10 points - 0.

    Vulnerability No. 1 (7.2)

    Kernel-mode drivers allowed a local authenticated user to obtain information via a crafted application.

    Vulnerability No. 2 (6.8)

    The Group Policy implementation did not properly distribute passwords, which allowed credentials, and thereby privileges, to be obtained by leveraging access to SYSVOL.

    Vulnerability No. 3 (6.6)

    win32k.sys in the kernel-mode drivers allowed local users to obtain information from kernel memory via a crafted application.


    Table of vulnerabilities in the "Access to information" category in Windows 8.1
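    The Group Policy entry about passwords distributed through SYSVOL, listed for Windows Server 2008, Windows Server 2012, Windows 7 and Windows 8.1 alike, is the Group Policy Preferences password issue fixed in MS14-025: preference XML files in SYSVOL can carry a cpassword attribute holding a password encrypted with an AES key that Microsoft itself published, so any domain user who can read SYSVOL can recover it. The check a practitioner wants is a sweep of SYSVOL for leftover cpassword entries. The Python script below is an example added by the editor, not code from the article or from Microsoft; it builds a constructed sample SYSVOL tree in a temporary directory (the domain name, policy GUID, account names and cpassword strings are placeholders) and reports every element that still carries a non-empty cpassword.

```python
"""Scan a SYSVOL tree for Group Policy Preferences 'cpassword' entries.

Added example, not code from the article or from Microsoft.  GPP XML files
(Groups.xml, ScheduledTasks.xml, Services.xml, DataSources.xml, Drives.xml,
Printers.xml) may carry a cpassword attribute: a password encrypted with an
AES key that Microsoft published, so anyone who can read SYSVOL can recover
it.  The sample tree below is constructed; its names and values are
placeholders, not real policy data.
"""
import os
import tempfile
import xml.etree.ElementTree as ET

# Preference files that can carry a cpassword attribute (compared case-insensitively).
GPP_FILES = {"groups.xml", "scheduledtasks.xml", "services.xml",
             "datasources.xml", "drives.xml", "printers.xml"}
# The account a cpassword belongs to sits on the same element under one of these names.
ACCOUNT_ATTRS = ("userName", "runAs", "accountName", "username")


def find_cpasswords(root_dir):
    """Walk root_dir and return a list of {'file', 'account', 'cpassword'} findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if name.lower() not in GPP_FILES:
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                continue  # unparsable file: skip it rather than abort the sweep
            for elem in tree.iter():
                cpassword = elem.get("cpassword")
                if not cpassword:  # attribute absent or empty: no stored password
                    continue
                account = next((elem.get(a) for a in ACCOUNT_ATTRS if elem.get(a)), "<unknown>")
                findings.append({"file": os.path.relpath(path, root_dir),
                                 "account": account, "cpassword": cpassword})
    return findings


# Constructed sample files (structure follows the GPP layout; values are placeholders).
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" changed="2014-01-01 10:00:00">
    <Properties action="U" newName="" fullName="" description="" cpassword="PLACEHOLDER-CPASSWORD-1" changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0" userName="LocalAdmin"/>
  </User>
</Groups>
"""
SAMPLE_TASKS_XML = r"""<?xml version="1.0" encoding="utf-8"?>
<ScheduledTasks>
  <Task name="NightlyBackup" changed="2014-01-01 10:00:00">
    <Properties action="C" name="NightlyBackup" appName="backup.exe" runAs="EXAMPLE\svc_backup" cpassword="PLACEHOLDER-CPASSWORD-2"/>
  </Task>
</ScheduledTasks>
"""
# A drive mapping with an empty cpassword: must not be reported.
SAMPLE_DRIVES_XML = r"""<?xml version="1.0" encoding="utf-8"?>
<Drives>
  <Drive name="H:" changed="2014-01-01 10:00:00">
    <Properties action="U" path="\\fs01\home" label="Home" userName="" cpassword=""/>
  </Drive>
</Drives>
"""


def build_sample_sysvol(base_dir):
    """Write the constructed sample into a SYSVOL-like layout under base_dir."""
    prefs = os.path.join(base_dir, "example.local", "Policies",
                         "{11111111-2222-3333-4444-555555555555}", "Machine", "Preferences")
    samples = {
        os.path.join(prefs, "Groups", "Groups.xml"): SAMPLE_GROUPS_XML,
        os.path.join(prefs, "ScheduledTasks", "ScheduledTasks.xml"): SAMPLE_TASKS_XML,
        os.path.join(prefs, "Drives", "Drives.xml"): SAMPLE_DRIVES_XML,
    }
    for path, content in samples.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return prefs


def scan_sample():
    """Build the sample tree in a temporary directory, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_sysvol(tmp)
        return find_cpasswords(tmp)


if __name__ == "__main__":
    # On a domain-joined host the real target is the SYSVOL share, e.g. r"\\dc01\SYSVOL" (name assumed).
    for f in scan_sample():
        print("%s: account %r still has cpassword=%s" % (f["file"], f["account"], f["cpassword"]))
```

    Against a real domain, call find_cpasswords() on the SYSVOL share of a domain controller (the share name above is an assumption for the example). Any finding is a credential exposure rather than a hygiene issue: because the key is public, the password must be treated as compromised, the entry removed from the policy and the password changed, and MS14-025 applied, which removes the ability to set passwords through the Group Policy Preferences interface.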

    Privilege escalation

    Total - 161. 10 points - 2.

    Vulnerability No. 1

    Kernel-mode drivers allowed a local user to gain privileges via a crafted application.

    Vulnerability No. 2

    The Graphics component in the OS kernel allowed local users to gain privileges via a crafted application.

    Vulnerability No. 3 (9.3)

    A directory traversal vulnerability in the OS allowed remote attackers to gain privileges via a crafted pathname in an executable file.


    Table of vulnerabilities in the "Privilege escalation" category in Windows 8.1

    Overflow

    Total - 53. 10 points - 1.

    Vulnerability No. 1

    A buffer overflow in the Telnet service allowed arbitrary code execution via crafted packets.

    Vulnerability No. 2 (9.3)

    icardie.dll allowed remote attackers to execute arbitrary code or cause a DoS via a crafted web page visited with Internet Explorer.

    Vulnerability No. 3 (9.3)

    An integer overflow in GDI allowed arbitrary code execution or a DoS via a crafted image in a Windows Write document (.wri) that WordPad did not handle correctly.


    Table of vulnerabilities in the "Overflow" category in Windows 8.1

    In almost all categories there are no critical cases. As in the earlier Windows versions, most of the vulnerabilities fall into "access to information" and "privilege escalation". The former can lead to data leakage when exploited, the latter to malware running with elevated privileges.

    Statistics are a subtle thing, or rather a confusing one: sometimes provocative, sometimes not entirely truthful. Still, useful information and conclusions can be drawn from any data set, and that is above all useful to the OS developers themselves: if you know your vulnerabilities, you can fix them.

    In the next part, besides yet another version of Windows (yes, there are many of them, sorry), we will get acquainted with some less common operating systems.

    Have a nice day, and fewer holes in your systems.
