|
The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg
|
| bet | 8/9 | | Sana | 12.08.2023 | | Hajmi | 58.92 Kb. | | #78423 |
Bog'liq The-Threats-To-Our-ProductsWhat products are susceptible? All server products (operating systems, server applications, content and media services) are susceptible to privilege elevation threats. Because client systems are assumed to run in the context of the unprivileged user, they should not be trusted to not misuse the user's capabilities. This becomes even more important when a privileged user such as an administrator uses the client software. For this reason, privileged users are expected to run only "trusted clients."
Client operating systems, such as Windows 2000 Professional, are subject to the same threats as the server operating system. Because they do not have the concept of privileged vs. unprivileged mode, operating systems such as Win9x (which runs only in privileged mode) cannot be associated with such threats.
Because desktop applications typically depend on underlying operating systems to handle privileged vs. unprivileged user distinctions, privilege elevation threats are not applicable to desktop applications. But applications can create vulnerabilities that cause such attacks to be launched against the underlying operating system. Examples include supporting Trojans (such as Office macros) and disobeying the "least privileged" rule, where applications open files for more access than is necessary, thereby causing the system to be configured with lax security.
Beyond the basic threats
Several other threats cannot be completely addressed in software, yet still require proper policies and procedures to be in place. Software can help raise the bar, however, and protect against some of these threats. They are valid customer security issues, so Microsoft products should consider the following when doing security analysis (during product development) and identify which are not addressed with clear rationales.
Privilege misuse is one of the very common attacks we have seen associated with various Microsoft products. It happens when a user with administrative access does things that violate security procedures, such as browsing an untrusted Web site or editing a document from an untrusted source. This problem is very common with PC systems that are often used without formal logon, so in essence every user has full administrative rights.
|
| |
