logo

CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS

Identify a recently announced security vulnerability and write a profile of the threat, including systems it attacks, how it performs its attack, mitigation strategies, scope of the threat, and concluding reflection on the adequacy of the mitigation strategies.

12 Pages794 Words21 Views
   

Added on  2022-08-27

CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS

Identify a recently announced security vulnerability and write a profile of the threat, including systems it attacks, how it performs its attack, mitigation strategies, scope of the threat, and concluding reflection on the adequacy of the mitigation strategies.

   Added on 2022-08-27

ShareRelated Documents
Running head: CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS
Cryptography and security vulnerabilities of Systems
Name of the Student
Name of the University
Authors note
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS_1
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS
1
Threat
One of the recently announced security vulnerabilities is Font-related Remote Code
Execution Vulnerability in different Windows operating systems
Vulnerable Systems
As there are no patch releases from Microsoft thus most of the Microsoft Operating
systems as well as the Windows Server operating systems are vulnerable due to this flaw against
the attackers.
Attack Techniques
As the vulnerability includes two remote code execution flaws in the atmfd.dll that are
built in for Adobe Type Manager font management tool in the operating systems. This atmfd.dll
library is utilized in order to render different fonts depending upon the Adobe Type 1
PostScript.
Remote code execution is the one of the worst kind of attacks from the user’s perspective
as the attackers injects some specific code segment into some File or program that gets executed
by the parser/compiler and in that way the targeted computer or server gets completely
compromised. Through this compromise the attacker can gain complete control over the
vulnerable computer network or server.
Mitigation Strategies
Mitigations strategies for this threat includes, disabling Details and Preview panes while
using the windows explorer program, disable Web Client services in order to protect the
computers and servers. By disabling the WebClient services the Distributed Authoring as well
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS_2
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS
2
as Versioning requests would not be transmitted by the computers running the windows OS. In
addition to that, different services that dependent on WebClient services would not start. In this
way the WebDAV shares inside a network would not be accessible from different vulnerable
computers. Another way is renaming ATMFD.DLL library.
Scope of the Threat
As from the official announcement about this vulnerability, there was no mention about
the any immediate patches for this vulnerability and it is intimidated that the patch for this
vulnerability may arrive on the next month's Patch Tuesday which is scheduled on April 14. In
that mean time the hackers or attackers can target the individual work stations or organization
servers that are running the windows Server systems with this flaw will be vulnerable to attacks.
Concluding reflection on adequacy of Mitigation strategy
Even though the disabling Preview, Details pane in Windows Explorer can help in
stopping display of different OTF fonts in Explorer function. Even though this technique stops
the malicious files to be viewed in Explorer but this this technique cannot stop any local,
suspicious authenticated users from executing some crafted program or code segment that can
exploit the identified vulnerability.
Much after with these securities are measure set up, it is still feasible for remote attackers
to execute programs situated on the focused target or neighborhood network. In any case, the
workaround will make clients alert and ask for affirmation before opening subjective
applications available from the Internet.
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS_3
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS
3
Answer to Question 2
Generation of 1024 bit keys
CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Microsoft Data Access Components Vulnerability Report
|5
|801
|430

Microsoft Data Access Components (MDAC) Vulnerability Report
|4
|1091
|417

Internet Security Threat
|4
|721
|361

Ethical Hacking: Research into OS vulnerabilities and Vulnerabilities Test Rational
|14
|2305
|257

EternalBlue: A Security Reference Code for MS17-010
|4
|977
|221

cyber Attack presentation 2022
|11
|796
|49