- Jan 24, 2011
- 9,378
Not all security vulnerabilities can actually be exploited in an attack, and new research shows that a high percentage of the Microsoft software bugs reported last year aren't exploitable if the systems are properly configured.
Renowned researcher and eEye founder/CTO Marc Maiffret and his team are studying all of the Microsoft Windows vulnerabilities from 2010, and have found that misconfiguration is a major factor in the risk of attack. Maiffret, whose company will release details of their findings next month, says it's about reducing the attack surface and prioritizing patching.
"[These] Microsoft vulnerabilities would be a nonevent if the systems were properly configured," Maiffret says. A few configuration changes can make all the difference, he says.
Among the configuration mistakes that can leave Windows systems vulnerable to attack are leaving Web-based Distributed Authoring and Versioning (WebDAV) and Task Scheduler enabled, Maiffret says. WebDAV is a tool for collaborating among users in editing and managing documents and files stored on Web servers; Task Scheduler lets you automatically set routine tasks, such as starting an application or sending an email, for example.
But these and other features are often left on by default, and may not even be necessary.
"With a lot of attacks at the end of year, one of the most common ways to deliver file format vulnerabilities was over WebDAV. But, in reality, most businesses don't use WebDAV and don't need it, yet it's on by default," he says.
More details - http://www.darkreading.com/vulnerab...security/vulnerabilities/229219168/index.html
Renowned researcher and eEye founder/CTO Marc Maiffret and his team are studying all of the Microsoft Windows vulnerabilities from 2010, and have found that misconfiguration is a major factor in the risk of attack. Maiffret, whose company will release details of their findings next month, says it's about reducing the attack surface and prioritizing patching.
"[These] Microsoft vulnerabilities would be a nonevent if the systems were properly configured," Maiffret says. A few configuration changes can make all the difference, he says.
Among the configuration mistakes that can leave Windows systems vulnerable to attack are leaving Web-based Distributed Authoring and Versioning (WebDAV) and Task Scheduler enabled, Maiffret says. WebDAV is a tool for collaborating among users in editing and managing documents and files stored on Web servers; Task Scheduler lets you automatically set routine tasks, such as starting an application or sending an email, for example.
But these and other features are often left on by default, and may not even be necessary.
"With a lot of attacks at the end of year, one of the most common ways to deliver file format vulnerabilities was over WebDAV. But, in reality, most businesses don't use WebDAV and don't need it, yet it's on by default," he says.
More details - http://www.darkreading.com/vulnerab...security/vulnerabilities/229219168/index.html
