The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg

Several other threats cannot be completely addressed in software, yet still require proper policies and procedures to be in place. Software can help raise the bar, however, and protect against some of these threats. They are valid customer security issues, so Microsoft products should consider the following when doing security analysis (during product development) and identify which are not addressed with clear rationales.

• 
  Privilege misuse is one of the very common attacks we have seen associated with various Microsoft products. It happens when a user with administrative access does things that violate security procedures, such as browsing an untrusted Web site or editing a document from an untrusted source. This problem is very common with PC systems that are often used without formal logon, so in essence every user has full administrative rights.
  
• 
  
  
  Download 58,92 Kb.