Questions:
1. What vulnerabilities exist for this workgroup LAN based on the advisories? List five of them. 2. Do any vulnerabilities involve privilege elevation? Is this considered a high-priority issue? 3. Identify and document at least three vulnerabilities and the solutions related to the client configurations. Answers:
1. The five vulnerabilities for tis workgroup LAN are based on the Microsoft Security Advisories. The numbers are as follows: a. Advisory # 2846338 – Vulnerability in Microsoft malware protection engine could allow remote code execution. This number involves privilege elevation. b. Advisory # 2719662 – Vulnerabilities in gadgets could allow remote code execution. c. Advisory #2854544 – Updates to improve crytograghy and digital certificate handling in Windows. d. Advisory # 2755801 – Update for vulnerabilities in Adobe flash player in Internet Explorer. e. Advisory # 2877140 – Vulnerability in Internet Explorer could allow remote code execution.
2. Yes
3. Advisory # 2719662 – Solution
Microsoft is announcing the availability of an automated Microsoft fix it solution that disables Windows sidebar and gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows sidebar and gadgets can help protect customers from potential attacks that leverage gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage gadgets to execute arbitrary code: Microsoft is aware that some legitimate gadgets running in Windows sidebar could contain vulnerabilities. An attacker who successfully exploited a gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could create a malicious gadget and then trick a user into installing the malicious gadget.
The Essay on 2000 Pro Windows Microsoft Home
Title Windows XP Pro vs. Windows 2000 ProThesis Statement got to play with XP Pro and fell in love with it the same way with 2000 Pro! Outline I. Introduction A. How I fell in love all over again! B. XP Pro and XP HE (Home Edition) C. Office XPI I. Body A. XP Pro vs. 2000 ProB. Application Compatibility. What's new - IPv 6 D. AD and XP Pro. WINS a thing of the past! III. Conclusion A. XP Server ...
Once installed, the malicious gadget could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. In addition, gadgets can access your computer’s files, show you objectionable content, or change their behavior at any time. Gadgets could also potentially harm your computer. Recommendation: Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Microsoft fix it solution as soon as possible. Advisory # 977981 – Solution
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Advisory # 979352 – Solution
Solution: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The Essay on Internet Explorer Ssl Vulnerability
Exploit Available: web Tue Aug 6 13: 42: 57 2002 Date: Mon, 5 Aug 2002 16: 03: 29 -0700 (PDT) From: Mike Benham To: Subject: IE SSL Vulnerability Internet Explorer SSL Vulnerability 08/05/02 Mike Benham web Explorer's implementation of SSL contains a vulnerability that allows for an active, undetected, man in the middle attack. No shown, no warnings are given. Description In the normal case, the ...
