The improvements in computing technologies have been a significant achievement to the humanity allowing people to get more information and perform tasks that would otherwise turn out difficult if done manually. However, these technologies have appeared bundled with several challenges, which threaten privacy, and confidentiality of information due to hacking conducted by malicious people after identifying vulnerabilities of operating systems and computer applications. This report expounds on the vulnerabilities of windows operating system which can be used to launch attacks on computer systems.
Microsoft Windows is the most famous and most commonly used operating system in the world today running on both computers and smart-phones. The operating system has managed to evolve successfully from the later versions of Windows 98 to the famous Windows 7 all the way to the latest Windows 10. Apart from the client operating system, the Windows family also has a series of server operating systems the most common being Windows server 2003, 2008 and 2012. The unveiling of each new operating system is targeted at improving the user interface to meet the new needs of the customer and to seal the security loopholes that might be exploited in the operating system. However, nobody has done it accordingly over the ages, as new loopholes tend to occur on every version of the operating system unveiled.
It is important to the developers of operating systems to provide extensive tests to ascertain the weaknesses and loopholes in the system that could allow malicious people to gain access into the system and cause undesired damage to information, which is of high value to an organization. Microsoft, for example, has been on high alert on providing updates freely and on a regular basis to its family of an operating system to secure it from unprecedented challenges and attacks from hackers who are always evolving with the measures taken by the vendors of operating systems. It is essential for the vendors of operating systems to employ various methods in sealing flaws in the system which threaten th privacy of information belonging either to an individual or to an organization. With updates on the registry keys and the firewall definitions on the operating system, they will seal various potential entry points, therefore, increasing security of information system in general, and data stored in the information system in particular.
Unpatched client operating system applications are some of the most dangerous vulnerabilities to both individual and business that can enable an attacker to continue phishing activities using client applications (Coursey, 2009). Windows operating systems have millions of applications some of which are harmful than helpful to the system and the user. Some of the most notorious phishing activities on the computer systems have been known to exploit weaknesses in applications such as Adobe flash player and pop-ups on some of the programs which update after some period of time. Malicious people use these useful features on windows programs to gain access to the system and conduct their activities that might compromise the entire system or information. Despite the fact that most of the attacks such as phishing take place over the internet or online, some of them are possible on the client’s computer that can lead to the loss of the security of sensitive information and loss of privacy of an individual. With windows being the most commonly used operating system, most hackers spend their time seeking entry points into the system. Most of the freeware applications which are downloaded as torrents online are responsible for creating a backdoor to the system or installing other applications without the knowledge of the user such as key-loggers which capture every keystroke on the client’s computer and send it back to the hacker.
Operating System Data Access Components
Microsoft Data Access components (MDAC) which are a useful feature that allows programmers to create applications that are capable of accessing nearly all data stores, often misused by malicious knowledgeable programmers. With this in mind, visiting some web pages couuld allow a hacker to take control of one’s system (Technet, 2006). Various updates have been provided to seal the loops since its discovery available to download over the internet on Microsoft website.
Remote File Sharing
This is by far one of the most useful features in windows operating system allowing users to share their files with ease on a network. However, this feature may be used to access private information by searching on some of the keywords and files saved in various formats such as .pdf .doc .xls among other formats. The most dangerous share group is sharing a file with ”Everyone” which allows all people within the network to access information. This infringes the privacy of user information and private information.
Directory Access Vulnerability
This was a vulnerability in Windows Vista SP1, Windows 7 SP1, Windows Server 2008 R1 SP1, and Windows 8.1 allows a hacker to gain access to the system through a vulnerability in TS WebProxy allowing elevation of privileges after a hacker convinces a user to run an application designed to grant high privilege access to the attacker. The attacker after gaining high privilege mode to the system can be able to conduct modification of the system such as viewing, changing or even deleting user data (Microsoft, 2015). This, however, has been resolved through an update and patches from Microsoft.
OLE Object Vulnerabilities
Object Linking and Embedding (OLE) is a technology designed by Microsoft to allow interoperability and sharing of contents among various programs in Windows operating system. This technology allows content created by one program to be available in another program. This, however, despite its usefulness can allow remote code execution if an attacker designs an OLE object with malicious code which can allow an execution of update, delete, and create abilities on a target machine. It can even let the attacker install malicious programs on that particular machine if the user machine has administrative rights (Microsoft, 2015).