
Microsoft Baseline Security Analyzer is flawed

04-26-02


(Philadelphia & Conshohocken, PA)

After MBSA analyzes a system for security vulnerabilities, it writes a report as a plain text file. The report includes sensitive information that hackers can use to attack that specific machine. MBSA was created to help users become aware of risks and available patches. However, MBSA turns a simple vulnerability, the ability to read local files, into a much more powerful one: it lets potential hackers learn which vulnerabilities enable full control over the machine under attack. These attacks can be automated. Active content (executables, scripts, ActiveX, Java, etc.) can generate a list of vulnerabilities or read a previously created list, and can then use those vulnerabilities to its advantage. Even if the report can be accessed only by a specific user, the active content can access it too.




