Computer Security

Coursework on Computer Security

Introduction

Organizations of all sizes invest billions of dollars each year in network security technologies. Yet they continue to fall prey to denial-of-service attacks, fast-moving viruses and blended threats, hackers and worms. A single enterprise can spend millions per year on IDS, firewalls and anti-virus software, while the real network security culprits, common vulnerabilities and exposures (CVEs), go largely undetected and uncorrected. CVEs are the systemic cause of over 90% of all network security breaches. Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. Using a common name makes it easier to share data across separate databases and tools that until now were not easily integrated.

Q: What level of threat does this CVE pose to a Windows network/domain?

Unspecified vulnerability in the Win32k TrueType font parsing engine in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document, as exploited in the wild in November 2011 by Duqu (Barker, 2010: 49-53).

A remote code execution vulnerability exists in the Windows kernel due to improper handling of a specially crafted TrueType font file. The vulnerability could allow an attacker to run code in kernel-mode and then install programs; view, change, or delete data; or create new accounts with full administrative rights (Cowan, 2010: 156-158).

There has been a lot of information published on Duqu over the past few days, and it is likely exploiting a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. Until a patch has been released to fix this vulnerability, it cannot be exploited automatically via email unless the user opens an attachment sent in an email message.

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files (Davis, 2009: 168-171).

Therefore, it can be said that this is a detection for malicious code that attempts to exploit a vulnerability in the Win32k TrueType font parsing engine in the Microsoft Windows component "Win32k.sys". An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom.

Q: At a detailed technical level, what is the CVE and how does it function?

Common Vulnerabilities and Exposures (CVE) is a dictionary of standard terms related to security threats. These threats fall into two categories, known as vulnerabilities and exposures (Goldberg et al., 2010: 133-138). A vulnerability is a fact about a computer, server or network that presents a ...