With cyber-attacks continuously on the rise, organizations public and private must address computer security vulnerabilities. SANS Institute has identified “unpatched client-side software applications” as the top priority vulnerability for organizations globally. In conjunction with unpatched client software, vulnerable “Internet-facing web sites” can result in an organization’s infrastructure being compromised. In this study I will address the issue of unpatched client software, the impact on an organization’s infrastructure, and patch management as a vital mitigation solution. (http://www.sans.org)
CLIENT-SIDE “UNPATCHED” SOFTWARE APPLICATION VULNERABILITIES
Newly ...
Email is an increasingly common tool for exploiting client-side vulnerabilities, notably through spear phishing. Spear phishing exploits client-side vulnerabilities by using deceptive impersonations of applications. The email may contain a link to a trusted website, where the victim discloses personal information. Typically, the ultimate goal of the attacker is to steal data from the targeted organization and also to install back-door access so that the attacker can return for further exploitation. Do not open any junk mail, open email messages in plain text in preference to HTML or RTF, lower administrative rights while accessing web browsers, and do not open attachments until they have been properly scanned (www.sans.org).
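One way to apply the plain-text and attachment advice above, as an added example that is not from the original essay or from SANS: Python's standard `email` module reduces a constructed sample message to plain text with each link's real target shown, and lists attachments to hold for scanning. The names `triage`, `PlainText` and `SAMPLE` and all hosts are assumptions, and the check for links whose visible text names a different host goes slightly beyond the advice in the text.

```python
import email, email.policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message (not from the essay); every name and host is made up.
SAMPLE = """\
Subject: Password reset required
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>Your password expires today.</p><a href="http://login.example.net/reset">https://intranet.example.org/reset</a>
--B
Content-Type: application/msword
Content-Disposition: attachment; filename="policy.doc"

--B--
"""

class PlainText(HTMLParser):  # keeps visible text only; each link shows its real target
    def __init__(self):
        super().__init__()
        self.text, self.links, self.href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None
    def handle_data(self, data):
        data = data.strip()
        if data and self.href is not None:
            self.links.append((self.href, data))
            data += f" <{self.href}>"
        if data:
            self.text.append(data)

def triage(raw):  # -> (plain-text body, deceptive links, attachments to hold)
    body, held, parser = [], [], PlainText()
    for part in email.message_from_string(raw, policy=email.policy.default).walk():
        if part.is_attachment():
            held.append(part.get_filename())  # hold until scanned, never auto-open
        elif part.get_content_type() == "text/plain":
            body.append(part.get_content().strip())
        elif part.get_content_type() == "text/html":
            parser.feed(part.get_content())   # HTML is parsed for text, never rendered
    parser.close()
    deceptive = [(h, t) for h, t in parser.links
                 if "://" in t and urlsplit(t).hostname != urlsplit(h).hostname]
    return "\n".join(body + parser.text), deceptive, held
```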
Office solutions software applications are used as an exploit tool for spear phishing attacks using email. When a user opens the malicious document, exploitation of the vulnerabilities in the office software begins. An attacker hosts a malicious document on a web server or shared folder, and entices a user to browse to the web page or the shared folder. Note that, in most situations, Internet Explorer automatically opens Microsoft Office documents. Hence, browsing the malicious web page or folder is sufficient for vulnerability exploitation in many cases (www.sans.org).
Navigating the Internet superhighway from vulnerable, unpatched client-side workstations can lead to computer security threats. Web browsers, email, and office software are the platform where client workstation vulnerabilities and cyber-attack exploits come together, to the organization’s demise. Cypher X employee Tim is playing a sports game through a web browser (e.g. Internet Explorer), or one downloaded from an email to his desktop from an unknown server (EX. UMUC Module 2). Several of Tim’s desktop applications (e.g. Quicktime, Photoshop) are outdated and “unpatched”. By downloading from an unknown source or accessing a website that may be malicious, his workstation is vulnerable to cyber-security threats and the session hijack begins. A client-side exploit typically begins when the attacker has created exploit code for unpatched client-side software. The attacker posts the exploit code on a trusted third-party web site (e.g. Facebook). A user surfs the Internet and logs on to Facebook from a workstation that is running unpatched, outdated plug-ins on office software (e.g. Quicktime). The attacker’s exploit code recognizes the vulnerable unpatched software application, begins the hijack, and installs programs on the workstation using the password and username of the user who is logged on to the unpatched workstation. The attacker now uses shell access to grant the user’s account full system privileges on the unpatched workstation. Once the attacker has full system access, he carries out the pass-the-hash attack, gaining access to all user IDs and password information, and migrates to another computer in the organization’s network. The pass-the-hash attack allows him to move to any workstation of his choosing. At this...