Case Scenario Exercise

In this exercise, you will read a scenario about identifying updates that must be deployed to a Windows Server 2003 network, and then answer the questions that follow. The questions are intended to reinforce key information presented in this chapter. If you are unable to answer a question, review the lessons and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.

Scenario

You receive an e-mail from a friend who works as an administrator for another company. The e-mail describes four new vulnerabilities that might affect the computers on your network. Your friend describes the vulnerabilities as follows:

  • Buffer Overrun in the HTML Converter Could Allow Code Execution (KB823559). There is a flaw in the way the Hypertext Markup Language (HTML) converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A vulnerability exists because a specially crafted request to the HTML converter could cause the converter to fail in such a way that it could run code in the context of the currently logged-on user. Because Internet Explorer uses this functionality, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user’s computer. When a user visits an attacker’s Web site, the attacker could exploit the vulnerability without any other user action.

  • A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs (KB824146). There are three identified vulnerabilities in the part of the Windows RPC service (RPCSS) that deals with remote procedure call (RPC) messages for Distributed Component Object Model (DCOM) activation. Two of the vulnerabilities could allow an attacker to run malicious programs; one of the vulnerabilities might result in a denial of service. The flaws result from incorrect handling of malformed messages. These vulnerabilities affect the DCOM interface in RPCSS. This interface handles DCOM object activation requests that are sent by client computers to the server. An attacker who successfully exploits these vulnerabilities might be able to run code with Local System rights on an affected computer, or cause RPCSS to stop working. The attacker could then take any action on the computer, including installing programs, viewing, changing, or deleting data, or creating new accounts with full rights.

  • Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (KB825119). A security vulnerability exists in the Help and Support Center function that ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the vulnerable protocol is not supported on those platforms. The vulnerability results because a file associated with the Help and Support Center contains an unchecked buffer. An attacker could exploit the vulnerability by constructing a URL that, when clicked by a user, could run code of the attacker’s choice in the Local Computer security context. The URL could be hosted on a Web page or sent directly to the user in e-mail. In the Web-based scenario, if a user clicked the URL hosted on the Web site, an attacker could have the ability to read or launch files already present on the local machine.

  • Update for Windows Media Player Script Command Behavior (KB828026). This update contains a change to the behavior of the ability of Microsoft Windows Media Player to launch URLs in the local computer zone from other zones. When a content owner creates an audio or a video stream, that content owner can add script commands (such as URL script commands and custom script commands) that are embedded in the stream. When the stream is played back, the script commands can trigger events in an embedded player program, or they can start a Web browser and then connect to a particular Web page. Logic was added so that when Windows Media Player does run URL script commands, the script cannot take the user from a less-trusted security zone to a more-trusted security zone.

Your small network consists of a firewall, a router, a printer, several desktop and mobile clients running Windows XP, several desktop clients running Windows 98, a computer running Windows 2000 Server, and a computer running Windows Server 2003, as shown in Figure 5.9.

Figure 5.9: Your company’s network architecture

Evaluate each of the four updates to determine their priority, and identify the computers that should receive the updates. Also consider ways to protect the computers in addition to applying updates.

Questions

  1. How should you validate the updates your friend described to be sure that they really were released by Microsoft?

  2. Which of the computers should receive the update titled Buffer Overrun in the HTML Converter Could Allow Code Execution (KB823559)? (Choose all that apply.)

    1. The computer running Windows 2000 Server

    2. The computer running Windows Server 2003

    3. The computers running Windows XP Professional

    4. The computers running Windows 98

    5. The networked printer

    6. The hardware firewall

    7. The hardware router

  3. Besides applying the update, how can you protect your network from the vulnerability resolved by the update titled Buffer Overrun in the HTML Converter Could Allow Code Execution (KB823559)?

  4. Which of the computers should receive the update titled A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs (KB824146)? (Choose all that apply.)

    1. The computer running Windows 2000 Server

    2. The computer running Windows Server 2003

    3. The computers running Windows XP Professional

    4. The computers running Windows 98

    5. The networked printer

    6. The hardware firewall

    7. The hardware router

  5. Which of the computers should receive the update titled Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (KB825119)? (Choose all that apply.)

    1. The computer running Windows 2000 Server

    2. The computer running Windows Server 2003

    3. The computers running Windows XP Professional

    4. The computers running Windows 98

    5. The networked printer

    6. The hardware firewall

    7. The hardware router

  6. Which of the computers should receive the update titled Update for Windows Media Player Script Command Behavior (KB828026)? (Choose all that apply.)

    1. The computer running Windows 2000 Server

    2. The computer running Windows Server 2003

    3. The computers running Windows XP Professional

    4. The computers running Windows 98

    5. The networked printer

    6. The hardware firewall

    7. The hardware router

  7. How should you handle updates for the printer, firewall, and router?



MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217
