Table of Contents
History of Microsoft Windows Vista and vulnerabilities
Discussion about vulnerability
How Buffer overflow works:
Prevent against Buffer overflow:
General security approaches which can be applied to the system
Evaluation of a third party protection mechanism
References
This report contains four tasks, and its aim is to discuss vulnerabilities that existed in Microsoft Windows Vista over the whole of 2008. In this report I will provide a reasonable level of discussion of the history and vulnerabilities of Microsoft Windows Vista. The main sections are:
History of Microsoft Windows Vista and vulnerabilities
Discussion about vulnerability
General security
In Windows Vista, BitLocker Drive Encryption provides better data protection for computers. Microsoft has also indicated that significant improvements have been made to the Windows Firewall and Windows Defender. However, Windows Vista was built and released to public users with many vulnerabilities, like most previous versions of Microsoft's operating systems. (Windows 2013)
Below is a summary list of Microsoft Windows Vista vulnerabilities over one year:
| Date | CVE ID (Vulnerability) | Vulnerability types | Score out of 10 | Complexity |
|---|---|---|---|---|
| 25/11/2008 | CVE-2008-5229 | DoS Overflow +Priv | 6.9 | Medium |
| 12/11/2008 | CVE-2008-5044 | DoS | 4.0 | High |
| 20/10/2008 | CVE-2008-4609 | DoS | 7.1 | Medium |
| 10/12/2008 | CVE-2008-4269 | Exec Code | 8.5 | Medium |
| 10/12/2008 | CVE-2008-4268 | Exec Code | 8.5 | Medium |
| 23/10/2008 | CVE-2008-4250 | 4 Exec Code Overflow | 10.0 | Low |
| 16/09/2008 | CVE-2008-4114 | 1 DoS | 7.1 | Medium |
| 14/10/2008 | CVE-2008-4038 | Exec Code Overflow | 10.0 | Low |
| 14/10/2008 | CVE-2008-4036 | Overflow +Priv | 7.2 | Low |
| 03/09/2008 | CVE-2008-3893 | +Info | 1.9 | Medium |
| 10/12/2008 | CVE-2008-3465 | DoS Exec Code Overflow | 9.3 | Medium |
| 10/09/2008 | CVE-2008-3013 | Exec Code | 9.3 | Medium |
| 14/10/2008 | CVE-2008-2252 | +Priv Mem. Corr. | 7.2 | Low |
| 14/10/2008 | CVE-2008-2251 | +Priv | 7.2 | Low |
| 14/10/2008 | CVE-2008-2250 | +Priv | 7.2 | Low |
| 10/12/2008 | CVE-2008-2249 | Exec Code Overflow | 9.3 | Medium |
| 12/08/2008 | CVE-2008-2246 | Bypass +Info | 7.8 | Low |
11/06/2008