Windows XP System Vulnerabilities

  
1. UPNP Service Vulnerability

Vulnerability description: Allows an attacker to execute arbitrary instructions.

Explanation: The UPNP service that Windows XP starts by default has serious security vulnerabilities. UPNP (Universal Plug and Play) provides universal peer-to-peer network connectivity for wireless devices, PCs, and smart applications. It provides TCP/IP connectivity and Web access between home information devices and office network devices, and it detects and integrates UPNP hardware. Security vulnerabilities in the UPNP protocol allow an attacker to illegally gain system-level access to any Windows XP machine, conduct attacks, and launch distributed attacks by controlling multiple XP machines.

Countermeasures: (1) It is recommended to disable the UPNP service. (2) Download the patch.

2. Upgrade Program Vulnerability

Vulnerability description: If you upgrade Windows XP to Windows XP Pro, IE 6.0 is reinstalled and the previously installed patches are cleared.

Explanation: The Windows XP upgrade program not only removes the IE patch files but also causes Microsoft's upgrade server to fail to identify IE correctly. This poses two potential threats to a Windows XP Pro system: (1) Some web pages or HTML mail scripts can automatically call Windows programs. (2) Files on the user's computer can be viewed through the IE vulnerability.

Countermeasures: If the IE browser does not download the upgrade patch, you can download the latest patch from the Microsoft website.

3. Help and Support Center Vulnerabilities

Vulnerability description: Files can be deleted from the user's system.

Explanation: The Help and Support Center provides integrated tools that let users get help and support on a variety of topics. A vulnerability in the current version of the Windows XP Help and Support Center lets an attacker build a web page that, when opened, calls a faulty function and passes the name of an existing file or folder as a parameter. The attempt to upload the file or folder fails. The web page can be posted on a website to attack users who visit it, or it can be sent as mail. The vulnerability gives the attacker nothing beyond the ability to delete files: the attacker cannot obtain system administrator rights and cannot read or modify files.

Countermeasures: Install Service Pack 1 for Windows XP.

4. Compressed Folder Vulnerability

Vulnerability description: The Windows XP compressed folder feature can run code of the attacker's choice.

Explanation: On Windows XP systems with the "Plus!" package installed, the "Compressed Folders" feature allows Zip files to be handled as normal folders. The feature has two vulnerabilities: (1) A flaw in the buffers the program uses to store files while unzipping a Zip file may crash the browser or run the attacker's code. (2) The decompression function places a file in a directory the user did not specify, which allows an attacker to place a file in a known location on the user's system.

Countermeasures: It is recommended not to accept untrusted email attachments or download untrusted files.

5. Denial of Service Vulnerability

Vulnerability description: Denial of service.

Explanation: Windows XP supports the Point-to-Point Tunneling Protocol (PPTP), a virtual private network technology implemented as a remote access service. The code that controls the establishment, maintenance, and teardown of PPTP connections contains an unchecked buffer, which leaves a hole in the Windows XP implementation. By sending incorrect PPTP control data to a vulnerable server, an attacker can corrupt core memory and cause system failure, interrupting all running processes on the system. The vulnerability can be used to attack any server that provides PPTP services. For PPTP client workstations, an attacker only needs to activate a PPTP session to attack. Any affected system resumes normal operation after a reboot.

Countermeasures: It is recommended not to start PPTP by default.

6. Windows Media Player Vulnerability

Vulnerability description: Possible leakage of user information; script invocation; cache path leak.

Explanation: Windows Media Player has two main vulnerabilities. The first is an information disclosure vulnerability, which gives the attacker a way to run code on the user's system; Microsoft rates its severity as "serious". The second is a script execution vulnerability: when the user plays a special media file and then browses a specially constructed web page, the attacker can use the vulnerability to run a script. Because it has special timing requirements, this vulnerability is relatively difficult to exploit, and its severity is relatively low.

Countermeasures: The information disclosure vulnerability does not affect media files opened on the local machine, so it is recommended to download files and then play them locally to avoid this attack. The script execution vulnerability can be exploited only if the following operations happen in this order; otherwise the attack fails:

(1) The user must play a special media file located on the attacker's side.
(2) After playing the special file, the user must close Windows Media Player without playing other files.
(3) The user must then browse a web page built by the attacker.

Users therefore avoid the attack as long as they do not perform these operations in this order.

7. RDP Vulnerability

Vulnerability description: Information disclosure and denial of service.

Explanation: The Windows operating system provides remote terminal sessions to clients through RDP (Remote Desktop Protocol). The RDP protocol transmits the relevant hardware information of the terminal session to the remote client. The vulnerabilities are as follows:

(1) A vulnerability in the session encryption implementation of some RDP versions. All RDP implementations allow the data in an RDP session to be encrypted. However, in the Windows 2000 and Windows XP versions, the checksums of the plaintext session data are sent without being encrypted. An attacker who eavesdrops on and records an RDP session can run a cryptanalytic attack against the checksums and recover the session traffic.

(2) A vulnerability in how the RDP implementation in Windows XP handles certain malformed packets. When Remote Desktop Services receives these packets, it fails and causes the operating system to fail as well. An attacker only needs to authenticate to the system when sending such packets to an affected system.

Countermeasures: Windows XP does not start Remote Desktop Services by default. Even if Remote Desktop Services is started, you can avoid this attack by blocking port 3389 at the firewall.

8. VM Vulnerability

Vulnerability description: Could leak information and run an attacker's code.

Explanation: An attacker can crash a host application by passing invalid parameters to the JDBC class. The attacker needs to host a malicious Java applet on a site and entice the user to visit that site. A malicious user can install any DLL on the user's machine and execute arbitrary native code, potentially destroying or reading in-memory data.

Countermeasures: It is recommended to apply security updates to the related software frequently.

9. Hotkey Vulnerability

Vulnerability description: After a hotkey is set, the self-logout function of Windows XP can leave the system "falsely logged out", and other users can launch programs through hotkeys.

Explanation: The hotkey function is a service provided by the system. When the user leaves the computer, it is in an unprotected state, and Windows XP automatically performs a "self-logout". Although the desktop cannot be entered, the hotkey service has not been stopped, so hotkeys can still be used to launch applications.

Countermeasures: (1) Because the vulnerability depends on hotkeys being available, check the hotkeys of programs and services that could cause harm. (2) Enable the screen saver and set a password. (3) It is recommended to lock the computer when leaving it.

10. Account Fast Switching Vulnerability

Vulnerability description: A problem in the Windows XP quick account switching function can result in account lockout, making it impossible for any non-administrator account to log in.

Explanation: The quick account switching function in Windows XP lets users switch quickly between different accounts, but its design is flawed and can be used to lock accounts so that no non-administrator account can log in. With the account lockout function enabled, a user can use quick account switching to retry logins under another user name in quick succession; the system treats this as brute-force cracking and locks the non-administrator accounts.

Countermeasures: Temporarily disable account fast switching.
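
Item 4 (2) above describes decompression writing a file to a directory the user did not choose. As an added example (not from the original page and not Microsoft's code), the following Python check lists the entries of a Zip archive whose resolved Windows path would land outside the extraction folder, so the archive can be rejected before anything is unpacked. The archive contents and the C:\Extract destination are constructed for the demonstration.

```python
import io
import ntpath  # Windows path rules, usable on any platform
import zipfile


def build_sample_zip():
    """Constructed sample archive: one ordinary entry, two that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ordinary entry")
        zf.writestr("..\\..\\outside.txt", "relative traversal")
        zf.writestr("C:/known/location.txt", "absolute path with drive")
    return buf.getvalue()


def unsafe_entries(zip_bytes, dest="C:\\Extract"):
    """Return entry names that would be written outside dest.

    dest is an assumed extraction folder; nothing is written to disk.
    """
    dest_norm = ntpath.normcase(ntpath.normpath(dest))
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            drive, _ = ntpath.splitdrive(name)
            # Resolve the entry the way a naive extractor would join it.
            target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))
            inside = target.startswith(dest_norm + "\\")
            if drive or ntpath.isabs(name) or not inside:
                bad.append(name)
    return bad


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample_zip()):
        print("rejecting archive, entry escapes destination:", entry)
```
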
Copyright © Windows knowledge All Rights Reserved