January 29, 2004

FBI's Top 10 Online Security Threats for Windows

The FBI has worked with the SANS Institute to develop a list of the 10 most exploited Windows threats. You can read more about it here.

The gist of it? There are 10 components on the Windows platform that are prone to new vulnerabilities and are regularly used as the source of an attack vector. They are:

  1. Internet Information Services (IIS)
  2. Microsoft SQL Server (MSSQL)
  3. Windows authentication
  4. Internet Explorer (IE)
  5. Windows remote access services
  6. Microsoft Data Access Components (MDAC)
  7. Windows Scripting Host (WSH)
  8. Microsoft Outlook and Outlook Express
  9. Windows peer-to-peer file sharing (P2P)
  10. Simple Network Management Protocol (SNMP)

I am not sure I would have put IE so far down the list, but theoretical and practical attacks organize it differently. SQL injection/misuse attacks ARE more common than IE URL attacks.

Posted by SilverStr at January 29, 2004 10:29 AM
Comments

Just for the record, there aren't any actual vulnerabilities in WSH (and it's the Windows _Script_ Host, if anyone from the FBI is reading :-) ) but yeah, a lot of attacks rely on its functionality to do their dirty work by running VBS files.

You can use SRP to stop execution of all scripts that aren't signed, or change the default action to "edit" or do a bunch of other things to mitigate this.

Posted by: Peter Torr at January 31, 2004 04:13 PM
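
An added example, not part of the comment above or of the original post: a read-only PowerShell check of the "default action" mitigation the comment mentions, reporting which script file types still run on double-click. It assumes the stock WSH ProgID names (VBSFile, VBEFile, JSFile, JSEFile, WSFFile, WSHFile) and that no per-user file association overrides them; the function name is hypothetical.

```powershell
# Added example: audit the default shell verb for WSH-handled script types.
# Read-only; it changes nothing in the registry.
# Assumption: these are the stock ProgIDs registered for WSH script files.
$progIds = 'VBSFile', 'VBEFile', 'JSFile', 'JSEFile', 'WSFFile', 'WSHFile'

function Get-ScriptDefaultVerb {
    param([string[]]$ProgId)

    foreach ($id in $ProgId) {
        $shellKey = "Registry::HKEY_CLASSES_ROOT\$id\Shell"

        if (-not (Test-Path -LiteralPath $shellKey)) {
            [pscustomobject]@{ ProgId = $id; DefaultVerb = $null; Status = 'not registered' }
            continue
        }

        # The (Default) value of the Shell key names the verb used on double-click.
        # When it is empty, the shell falls back to "open".
        $verb = (Get-Item -LiteralPath $shellKey).GetValue('')
        if ([string]::IsNullOrEmpty($verb)) { $verb = 'open' }

        $status = if ($verb -ieq 'edit') {
            'default verb is Edit'
        } else {
            'default verb runs the script'
        }

        [pscustomobject]@{ ProgId = $id; DefaultVerb = $verb; Status = $status }
    }
}

Get-ScriptDefaultVerb -ProgId $progIds | Format-Table -AutoSize
```

Any row whose default verb is not Edit is a file type that a double-click or an e-mail attachment launch will hand to the script host rather than to an editor.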

Indeed -- listing the Windows Script Host as a vulnerability is rather like listing complete and well-indexed documentation as a vulnerability, because so many attackers read the manual.

The point of WSH is (like documentation!) to make it easier to administer your machine -- that there are vulnerabilities in other software that allow unauthorized people to administer your machine is the problem, not that administration is easy!

Posted by: Eric Lippert at February 2, 2004 03:43 PM