
Top 10 Security Threats for Windows 2000 and Windows NT

by kobbra on November 20th, 2001

Some respected security experts have released a "Top 10 Security Threats" list for Windows 2000 and Windows NT. The ten threats, in the order the list gives them, are summarised below.

1. -IIS RDS vulnerability-
First place was reserved for the IIS RDS vulnerability, which was especially popular with Eastern European hackers, who used it to break into over 40 banks in the United States and around the world. Many installations of Windows NT with IIS 4 and the NT Option Pack include the Microsoft Data Access Components (MDAC). These components contain vulnerabilities that can be exploited via IIS and that allow a remote attacker to run commands with full system privileges. This vulnerability has been, and continues to be, widely exploited on the Internet.

2. -IIS Unicode vulnerability-
The IIS server on Windows NT and 2000 contains a vulnerability that may allow an attacker to execute arbitrary commands on the server. The commands run with relatively weak permissions, but once on the server there are a variety of methods of gaining additional privileges. By sending the IIS server a carefully constructed URL containing an invalid Unicode UTF-8 sequence, an attacker can force the server to literally 'walk up and out' of a directory and execute arbitrary scripts. This type of attack is also known as a directory traversal attack.
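The "invalid UTF-8 sequence" in item 2 is an overlong encoding: a character such as '/' that should be one byte is written in two or three bytes, so a filter that looks for "../" before decoding sees nothing, while a permissive decoder afterwards turns the bytes back into a path separator. The following added example (not code from the original article) shows how a defender can spot such requests in web server logs. The log lines are constructed; the field layout assumed here is the W3C extended format IIS writes (date, time, client IP, method, URI stem, URI query, status), and the permissive decoder is a model of the flaw, not IIS's own code.

```python
"""Flag overlong-UTF-8 directory-traversal requests in IIS-style web logs.

Added example, not part of the original article. The log lines are
constructed; the field layout assumed is the W3C extended format:
date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
"""
from urllib.parse import unquote_to_bytes

SAMPLE_LOG = """\
2001-11-20 10:01:02 192.0.2.10 GET /default.htm - 200
2001-11-20 10:01:03 192.0.2.55 GET /scripts/..%c0%af../winnt/win.ini - 200
2001-11-20 10:01:04 192.0.2.55 GET /scripts/..%c1%9c../winnt/win.ini - 200
2001-11-20 10:01:05 192.0.2.12 GET /images/logo.gif - 200
2001-11-20 10:01:06 192.0.2.77 GET /scripts/../../winnt/win.ini - 404
2001-11-20 10:01:07 192.0.2.78 GET /docs/%e2%9c%93.html - 200
"""


def is_continuation(b: int) -> bool:
    return b & 0xC0 == 0x80


def has_overlong_utf8(raw: bytes) -> bool:
    """True if raw contains a UTF-8 sequence that spends more bytes than the
    code point needs (an 'overlong' form, forbidden by the UTF-8 spec).
    Lead bytes 0xC0/0xC1 are always overlong; 0xE0 is overlong when the
    next byte is below 0xA0; 0xF0 when the next byte is below 0x90."""
    for i, b in enumerate(raw[:-1]):
        nxt = raw[i + 1]
        if not is_continuation(nxt):
            continue
        if b in (0xC0, 0xC1) or (b == 0xE0 and nxt < 0xA0) or (b == 0xF0 and nxt < 0x90):
            return True
    return False


def naive_utf8_decode(raw: bytes) -> str:
    """Model of a permissive decoder (assumed, for illustration): it takes the
    value bits of 2- and 3-byte sequences without checking they are minimal,
    so C0 AF becomes '/' and C1 9C becomes '\\'. Other bytes pass through."""
    out, i = [], 0
    while i < len(raw):
        b = raw[i]
        if 0xC0 <= b < 0xE0 and i + 1 < len(raw) and is_continuation(raw[i + 1]):
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        elif (0xE0 <= b < 0xF0 and i + 2 < len(raw)
              and is_continuation(raw[i + 1]) and is_continuation(raw[i + 2])):
            out.append(chr(((b & 0x0F) << 12) | ((raw[i + 1] & 0x3F) << 6) | (raw[i + 2] & 0x3F)))
            i += 3
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def escapes_root(path: str) -> bool:
    """True if resolving '..' segments ever climbs above the web root.
    Both '/' and '\\' count as separators, as they do on Windows."""
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def classify_uri(uri_stem: str) -> str:
    """'ok', 'traversal' (plain ../ escape), 'overlong-utf8' (bad encoding but
    no escape) or 'overlong-traversal' (escape visible only after permissive
    decoding, the case a pre-decode filter misses)."""
    raw = unquote_to_bytes(uri_stem)
    if has_overlong_utf8(raw):
        return "overlong-traversal" if escapes_root(naive_utf8_decode(raw)) else "overlong-utf8"
    decoded = raw.decode("utf-8", errors="replace")  # strict decoding rejects overlongs anyway
    return "traversal" if escapes_root(decoded) else "ok"


def scan_log(text: str) -> list:
    """Return (client-ip, uri-stem, verdict) for every flagged log line."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        verdict = classify_uri(fields[4])
        if verdict != "ok":
            hits.append((fields[2], fields[4], verdict))
    return hits


if __name__ == "__main__":
    for ip, stem, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:20} {ip:15} {stem}")
```

The valid three-byte sequence in the last sample line is deliberately left unflagged: non-ASCII in a URL is not itself suspicious, only a non-minimal encoding is. A server-side fix follows the same order as `classify_uri`: decode strictly (rejecting overlong forms) first, then apply the path check to the decoded string.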

3. -ISAPI Extension Buffer Overflows-
When IIS is installed, several ISAPI extensions are automatically installed. ISAPI, which stands for Internet Services Application Programming Interface, allows developers to extend the capabilities of an IIS server using DLLs. Several of the DLLs, like idq.dll, contain programming errors that cause them to perform improper bounds checking. In particular, they do not block unacceptably long input strings. Attackers can send data to these DLLs, in what is known as a buffer overflow attack, and take full control of an IIS web server.

4. -NETBIOS - unprotected Windows networking shares-
The Server Message Block (SMB) protocol, also known as the Common Internet File System (CIFS), enables file sharing over networks. Improper configuration can expose critical system files or give full file system access to any hostile party connected to the Internet. Many computer owners unknowingly open their systems to hackers when, trying to improve convenience for coworkers and outside researchers, they make their drives readable and writable by network users.

5. -SQL Server With No System Administrator (SA) Password-
The default installations of SQL Server 6.5 and 7.0 leave no password on the sa database account. This allows anyone to connect to the database with the highest privilege level. Aside from allowing an attacker to read, modify and/or delete critical business information stored in the database, this vulnerability usually gives them the ability to run arbitrary operating-system-level commands. This lets an attacker compromise the entire system, not just the SQL Server, and could lead to further compromises of other machines on the network through abused trust relationships.

6. -Weak or No Passwords-
One of the most common problems on networks is simply accounts with weak passwords, or no password at all. This allows an attacker to gain access easily as a normal user, or perhaps as an administrator. Even if only a normal user account is cracked, it affords the attacker another point from which to attack the network and gain further access.
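Items 5 and 6 describe the same failure from two sides: a privileged account (the default sa) with no password, and ordinary accounts whose passwords are blank or trivially guessable. The added example below (not code from the original article) is the kind of policy check an administrator would run over an account inventory, or build into a password filter that runs when a password is set. The account list and the tiny word list are constructed; a real audit would draw on the actual account store and a proper dictionary.

```python
"""Audit accounts for the credential weaknesses of items 5 and 6: blank
passwords (the default 'sa' case), passwords equal to the account name,
dictionary words, and very short secrets.

Added example, not part of the original article. SAMPLE_ACCOUNTS and
COMMON_WORDS are constructed stand-ins for a real account store and a
real word list.
"""

COMMON_WORDS = {"password", "secret", "admin", "letmein", "welcome", "sa"}

# (account, password, source) -- constructed sample data
SAMPLE_ACCOUNTS = [
    ("sa", "", "sqlserver"),                # default install, no sa password
    ("Administrator", "Welcome", "nt-sam"),  # dictionary word, too short
    ("jsmith", "jsmith", "nt-sam"),          # password equals username
    ("backup", "Tr0ub4dor&3x", "nt-sam"),    # passes every check
    ("guest", "", "nt-sam"),                 # blank password
    ("mrobinson", "Xq7#pLm2vN9!", "nt-sam"), # passes every check
]


def password_findings(account: str, password: str, min_length: int = 8) -> list:
    """Return the list of policy violations for one credential (empty if none).
    A blank password is reported on its own; the other checks presuppose a
    non-empty value."""
    findings = []
    if password == "":
        findings.append("blank")
        return findings
    if password.lower() == account.lower():
        findings.append("equals-username")
    if password.lower() in COMMON_WORDS:
        findings.append("dictionary-word")
    if len(password) < min_length:
        findings.append(f"shorter-than-{min_length}")
    return findings


def audit(accounts) -> dict:
    """Map 'source:account' to its findings, for accounts that have any."""
    report = {}
    for account, password, source in accounts:
        findings = password_findings(account, password)
        if findings:
            report[f"{source}:{account}"] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name:25} {', '.join(findings)}")
```

The blank-password case is returned before the other rules run, so the report for sa reads simply "blank" rather than a string of secondary findings; fixing that one account (and guest, which the sample also flags) removes the highest-privilege exposure the list calls out.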

7. -LanMan Responses On The Network-
Even if your password policies are relatively strong, there can be weaknesses in how they are used on the network. Microsoft's original authentication system in NT has serious weaknesses that allow an attacker to crack passwords by sniffing data off the network. Microsoft has fixed this in later service packs of NT4, but the fix doesn't take effect unless it is configured to activate. This requires setting a registry value on every machine on your network.

8. -Gathering Useful Information Is Too Easy (Null Sessions)-
Windows NT (and 2000) will give out lots of useful information to anyone, including anonymous connections (null sessions). This information can be used by attackers to get a detailed picture of your network, including, for example, who the users are, what groups they're members of, and when they last logged on.

9. -Poor Default Permissions Leave Many Avenues Of Attack-
The Windows NT default permissions on files, directories, shares, registry keys, etc., are very loose. Windows 2000 default permissions are better, but could be improved. These loose permissions provide many avenues for an attacker who can log in to a machine. The attacker can insert Trojan horses or backdoors that will compromise other users who log in to the machine, including any administrators who happen to log in.

10. -Unpatched Machines Allow Local Promotion-
Besides poor default permissions, another means by which attackers can compromise machines and install Trojan horses is by exploiting unpatched security holes on workstations. There have been a number of local promotion bugs in Windows NT and 2000 that allow a normal user to gain administrative access to a machine. All too often, the hotfixes for these issues are not installed, which leaves many vulnerable machines on the network.