15 Deadly Windows Security Flaws and Vulnerabilities
Windows has a long history of critical security flaws and far-reaching vulnerabilities. WannaCry, ransomware that locks users out of their own systems, is just one recent example of such a flaw being used to gain unauthorized access to remote systems.
That raises the question: what other security flaws and vulnerabilities have affected the operating system over the years? Here are 15 examples.
1. Windows 10 Mount Manager Exploit (CVE-2015-1769, MS15-085)
Users can potentially elevate their privilege level simply by inserting a USB device. More specifically, an attacker can place a malicious binary on the drive, which is then executed to take control of the machine.
One of the best ways to combat this kind of weakness is to keep up with patches and security fixes and to maintain your system. Luckily, Microsoft has released an update that patches this vulnerability. You can also install virus and malware protection tools, and always download and install Windows updates as soon as they are available.
2. Microsoft Plug and Play Service Overflow (CVE-2005-1983, MSB-MS05-039)
This vulnerability was a serious exploit for Windows 2000, specifically the Plug and Play service. The Zotob worm was one of the most common infections that made use of the exploit. It resulted in frequent crashes or reboots for infected machines and opened them up to more malicious attacks and code.
To protect against the exploit, Microsoft released a security patch. The Zotob worm took advantage of an open port, TCP port 445, made vulnerable by the exploit. To combat this, you can always close open ports through your method of choice, though this can alter system processes such as file sharing.
3. Microsoft Edge Vulnerabilities (MS15-091)
There are quite a few vulnerabilities allowing remote code execution in the Edge browser, along with security feature bypasses that let attackers quickly gain control of a system. Because the attacks are numerous, it’s important to identify the root application that is affected rather than a single exploit.
The best way to protect yourself from this problem is to continue patching and updating Windows by turning on the Windows auto-update feature. You can find more information on Edge vulnerabilities at Microsoft’s security bulletin page.
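The article’s recurring advice is to keep patching; the following PowerShell is an added example (not from the article) that checks whether automatic updating has been switched off by policy, looks for specific bulletin KBs, and asks the Windows Update agent what is still missing. It uses the documented WindowsUpdate\AU policy values and the Microsoft.Update COM API; the KB numbers are placeholders you replace with the ones from the bulletins you care about.

```powershell
# Added example, not the article's own steps. Run in an elevated PowerShell
# session on a machine that can reach its update source.

# 1. Has Automatic Updates been disabled or throttled by policy?
$auPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $auPolicy) {
    $au = Get-ItemProperty -Path $auPolicy
    if ($au.NoAutoUpdate -eq 1) {
        Write-Warning 'Automatic Updates are DISABLED by policy (NoAutoUpdate = 1).'
    } elseif ($null -ne $au.AUOptions) {
        # 2 = notify before download, 3 = auto download / notify to install,
        # 4 = auto download and schedule install, 5 = local admin chooses
        "AUOptions = $($au.AUOptions) (4 means download and install on schedule)"
    }
} else {
    'No AU policy key present: the default automatic update behaviour applies.'
}

# 2. Are the KBs for the bulletins you track installed?
#    Placeholders below; substitute the real KB ids from the bulletin pages.
$wantedKbs = @('KB0000001', 'KB0000002')
foreach ($kb in $wantedKbs) {
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    if ($hit) { "$kb installed on $($hit.InstalledOn)" } else { "$kb MISSING" }
}

# 3. Ask the Windows Update agent for applicable updates not yet installed.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
$result.Updates | ForEach-Object {
    [pscustomobject]@{
        Title    = $_.Title
        Severity = $_.MsrcSeverity          # Critical / Important / ...
        KBs      = ($_.KBArticleIDs -join ',')
    }
} | Sort-Object Severity | Format-Table -AutoSize
```

Any update listed under step 3 with a Critical severity is exactly the kind of hole the entries in this article describe, and the machine stays exposed until it is applied.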
4. Microsoft’s Graphics Component Vulnerabilities (MS15-080)
This affects a swath of Microsoft products, including Windows, Office, the .NET Framework, Lync and Silverlight. The attack allows remote code execution thanks to a glaring weakness in the handling of TrueType and OpenType fonts. To gain access, an attacker simply needs to get users to open a crafted document or visit an untrusted webpage; the malicious fonts embedded in it are then processed by the machine. Microsoft has released an update to fix the flaw.
5. Win32K Elevation of Privilege Vulnerability (CVE-2015-0057)
Thanks to a flaw in the GUI component of Windows 10, an attacker could gain complete control of the affected machine through a page or content scrollbar.
The threat allowed external parties to gain access to a machine through privilege escalation, which could result in more malicious code being run or added. Luckily, Microsoft released a patch for the flaw rather quickly.
6. Microsoft Font Driver Vulnerability (MS15-078)
This exploit has the potential to cause serious damage, because it allows complete control of the infected system. The Windows Adobe Type Manager library, responsible for rendering various fonts and graphics, improperly handles some forms of OpenType font. Someone could use this to execute code remotely and take over the system.
Attackers would then be able to install and uninstall programs, view, change or delete data, and even create new user accounts for further remote access. Microsoft has auto-patched this exploit.
7. Windows 10 Wi-Fi Sense Contact Sharing Feature
By default, Windows 10 shares Wi-Fi credentials, including the SSID and password to certain contacts via Outlook, Skype and Facebook. A contact offered this data could theoretically connect to your Wi-Fi network without direct authorization and do some damage. To fix:
- Before upgrading to or installing Windows 10, amend the Wi-Fi network name or SSID so it includes “_nomap_optout”. This will disable the default sharing feature of Windows 10.
- After the update or install, go into your Windows privacy settings and disable “Wi-Fi Sense Sharing.”
- Finally, you can revert your Wi-Fi network SSID back to what it was originally or remove the “_nomap” tag.
8. Re-Direct to SMB Vulnerability, All Windows Versions (CVE-2015-5143)
A Windows API library was particularly vulnerable in how it handled connections over SMB. If leveraged, Windows could be redirected to a malicious SMB server, giving that server direct access to the user’s encrypted login credentials. With that information, attackers could gain access and wreak havoc on the system.
One of the best ways to remedy the problem is to ensure ports TCP 139 and TCP 445 are both blocked and closed completely, thus disabling SMB.
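Both the Zotob entry (TCP 445) and this one come down to the same two SMB ports. The PowerShell below is an added example, not the article’s own procedure, that shows what is listening on them and then blocks them with the built-in firewall cmdlets; the rule names are my own choice and the “Internet” remote-address keyword is the documented firewall keyword for non-local addresses. It assumes an elevated session on Windows 8 / Server 2012 or later, where the NetSecurity module is available.

```powershell
# Added example, not the article's own steps. Requires an elevated session.

# 1. Audit: what is currently listening on the SMB ports?
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 139, 445 } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $_.LocalPort; Bound = $_.LocalAddress; Process = $proc.ProcessName }
    }

# 2. Inbound: close the door Zotob walked through. This stops other hosts
#    reaching this machine's file shares, the trade-off the article notes.
New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 139/445)' `
    -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
    -Action Block -Profile Any -Enabled True | Out-Null

# 3. Outbound: a redirect to a rogue SMB server only leaks credentials if the
#    connection completes. Blocking outbound SMB to Internet addresses breaks
#    that while leaving LAN file sharing alone. Use -RemoteAddress Any to
#    disable SMB completely, as the article suggests.
New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet (TCP 139/445)' `
    -Direction Outbound -Protocol TCP -RemotePort 139, 445 -RemoteAddress Internet `
    -Action Block -Profile Any -Enabled True | Out-Null

# 4. Verify the rules landed with the ports and direction you intended.
Get-NetFirewallRule -DisplayName 'Block*SMB*' | ForEach-Object {
    $ports = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Direction  = $_.Direction
        Action     = $_.Action
        LocalPort  = ($ports.LocalPort -join ',')
        RemotePort = ($ports.RemotePort -join ',')
    }
} | Format-Table -AutoSize
```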
9. HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635)
Similar to the infamous Heartbleed exploit, this one allowed hackers to remotely execute malicious code via specially designed HTTP requests. Certain versions of Windows failed to parse the affected request correctly, which attackers could easily leverage to execute arbitrary code under the System account.
Windows 7, 8 and 8.1, Server 2008 and Server 2012 were potentially affected. Microsoft did release a patch to seal the hole, again underscoring the importance of regular Windows updates, as the WannaCry outbreak did.
10. Third-Party Software Exploits
Certain third-party software and tools can be exploited just like Windows, allowing access to the greater system. While not technically a Windows-system vulnerability, this is a problem you need to remain aware of. Such software includes:
- Adobe Flash
Parties can leverage Metasploit, CANVAS and CORE IMPACT to dive into a network or system and gain full remote access. The fix? Make sure your software, apps, tools and system are always up-to-date.
11. Windows Journal Remote Code Execution Vulnerability (MS16-013)
This gaping vulnerability affected users of Windows Vista or later when it made the rounds, including Windows 10. It allowed attackers to run arbitrary or malicious code as a system administrator. The entry point was a specially crafted Journal file.
Once infected, attackers could run programs, delete data and files, and more. Interestingly, the same vulnerability also affected Windows Server 2016, certain versions of Microsoft Office and Adobe Flash Player. Microsoft patched the flaw in a security hotfix.
12. Windows Security Protocol Vulnerabilities (CVE-2017-8563)
This vulnerability actually comes in two similar forms, one of which was not assigned a CVE. Both exploit problems with Windows security protocols, one via the Lightweight Directory Access Protocol (LDAP) and the other via RDP Restricted-Admin Mode.
These protections are designed to guard against various attacks, including Man-in-the-Middle attacks and authentication or credential forwarding. The flaws let attackers take advantage of protections that were not working as intended. Microsoft has patched both in recent updates.
13. Windows Common Controls Remote Code Execution Vulnerability (CVE-2012-1856, MS12-60)
This vulnerability in Windows common controls allows hackers to remotely execute arbitrary code. Many services and systems were affected by the vulnerability, but Microsoft released an update quickly.
14. Internet Explorer Cumulative Security Update (MS14-012)
Internet Explorer saw several cumulative security patches and updates throughout its lifetime, none as critical as this one. The flaw allowed a hacker to remotely execute code and gain access to the affected system. Microsoft’s update fixed a number of potential problems.
15. Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114, MS14-060)
The Windows OLE vulnerability affected nearly all versions of the Windows operating system from Vista up. When a user opened a crafted OLE object embedded within a Microsoft Office file, remote code could be executed. The arbitrary code would run with the access of the current user, which could be incredibly damaging if that user is a system administrator. Luckily, the exploit was privately reported and patched by Microsoft.
You never know what’s lurking beneath the surface or how your system may be infected or attacked. It’s crucial to keep everything up-to-date, including your virus and malware tools.