The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg





    What products are susceptible? All software products are susceptible to denial of service threats. Microsoft product groups should address them in the proactive security process by identifying various vulnerabilities that can result in denial of service. While D.o.S. is one of the hardest security threats to address, and in many cases it is reasonable not to address it, your team should identify and rationalize all such cases.
    Elevation of privilege
    What's the threat? An unprivileged user gains privileged access and thereby has sufficient access to completely compromise or destroy the entire system. The more dangerous aspect of such threats is compromising the system in undetectable ways whereby the user is able to take advantage of the privileges without the knowledge of system administrators. Elevation of privilege threats include those situations where an attacker is allowed more privilege than should properly be granted, completely compromising the security of the entire system and causing extreme system damage. Here the attacker has effectively penetrated all system defenses and become part of the trusted system itself and can do anything.
    What do these threats have in common?

    • Improperly gaining unrestricted rights (becoming an "administrator").

    • Running untrusted data as native code in a trusted process, such as by buffer overrun.

    • Spoofing identity to gain access to resources not otherwise available.

    Examples

    • Buffer overruns, such as handcrafted stacks in a GetAdmin attack, causing user code to be executed at an elevated privilege and thereby compromising the entire operating system's trusted computing base.

    • The ability to run executables without the (privileged) user's consent can allow the perpetrator to perform privileged operations, such as making himself or herself a privileged user.

    • Rogue OCX/ActiveX control with malicious code.

    • Missing impersonation in the server, or client-side impersonation such as the one leveraged by SecHole.exe, causes the server to do privileged operations on behalf of an unauthorized user, thereby effectively raising the privilege level of the malicious user.

    • Missing or improper access checks in the security subsystem itself can result in privilege elevation. For example, if group membership of administrators was updated without an access check, it would allow an unauthorized user to become a system administrator.
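
    The last example above (administrators group membership updated without an access check), as an added sketch that is not part of the original paper: a toy in-memory model showing the unchecked update beside one that checks the caller's token against the group object's access list and audits every attempt. All class, function and right names are hypothetical, and the sample accounts are constructed.

```python
from dataclasses import dataclass, field

WRITE_MEMBERS = "write_members"  # hypothetical name for the right to edit membership

@dataclass(frozen=True)
class Token:
    user: str
    groups: frozenset  # group names captured when the token was issued

@dataclass
class Group:
    name: str
    members: set
    dacl: dict  # principal name -> set of rights granted on this group object

@dataclass
class Directory:
    groups: dict
    audit: list = field(default_factory=list)

    def token_for(self, user):
        names = (g.name for g in self.groups.values() if user in g.members)
        return Token(user, frozenset(names))

    def add_member_unchecked(self, caller, group, new_member):
        # Vulnerable form: the security subsystem trusts whoever calls it.
        self.groups[group].members.add(new_member)

    def add_member(self, caller, group, new_member):
        # Hardened form: evaluate the caller's token against the group's DACL
        # and record the outcome, so a denied attempt is visible to administrators.
        g = self.groups[group]
        principals = {caller.user} | caller.groups
        allowed = any(WRITE_MEMBERS in g.dacl.get(p, ()) for p in principals)
        outcome = "granted" if allowed else "denied"
        self.audit.append((caller.user, group, new_member, outcome))
        if not allowed:
            raise PermissionError(f"{caller.user} may not modify {group}")
        g.members.add(new_member)

def build_sample():
    # Constructed sample data: alice is an administrator, mallory is not.
    acl = {"Administrators": {WRITE_MEMBERS}}
    admins = Group("Administrators", {"alice"}, dict(acl))
    users = Group("Users", {"alice", "mallory"}, dict(acl))
    return Directory({"Administrators": admins, "Users": users})
```

    The decision is made from the token as issued, so a membership change affects a caller only after a new token is built.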

