Pros And Cons Of Preventing Vulnerability Exploitation


V. Preventing Vulnerability Exploitation

i. Continuous updates and product patches

It is easy to assume that if you are patching your Windows computers on your SCADA or ICS system (using some variation of Microsoft Windows Update), then any vulnerable services that can be patched will be patched. Well guess again – you may still have a number of open vulnerabilities that are happily being missed by the Windows update service. And scariest of all, you can’t do much about it.

Welcome to the Wild World of Windows Common Controls

To understand why this is possible, it helps to know a little about something called Windows Common Controls. Common Controls are executable routines that Microsoft supplies to give applications from different developers a unified look and feel. For example, the Tool Tip Control creates those small rectangular windows that display help text when you place the cursor over some button or tab and wait a few milliseconds.

Common Controls have been in use from the early days of Windows. Applications like Word or SQL Server use them extensively, but so do many developers of 3rd party applications. In the SCADA and ICS world, it is a fair guess that the bulk of the software developed for industrial server or client applications on Windows machines uses them.

You Can Have the Patch IF…

The problem started when Microsoft announced the existence of two serious vulnerabilities (MS12-027 and MS12-060) in the ActiveX controls contained in the file MSCOMCTL.OCX. According to the Common Vulnerabilities and Exposures (CVE) database, these flaws were being exploited in targeted attacks in April 2012 using specially crafted malicious RTF files sent via email. Microsoft soon provided patches to fix these vulnerabilities in their...

... middle of paper ...

... have to analyze so that we can say whether the process which is running is a valid one or not. To reach this conclusion we can keep a list of the processes which are allowed to run on the system. If any other process (not listed) is running, we can list it out.

3. Decide: Based on the analysis, we need to decide what action to take. Suppose a process has been running for a long time but is not in the list of processes which should run on the system; we can terminate that process or sound an alarm.

4. Act: Action has to be taken for processes that are running or not running on our system.

These four steps are involved in process monitoring and controlling. To keep the system free of malicious processes, we need to monitor the system’s processes very closely so that we can avoid harm to our control systems.
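The analyze, decide and act steps described above, sketched as an added example that is not part of the original essay. The allowlist, the process snapshot, the path-based matching and the alarm-only default are all assumptions made for illustration; the example also covers allowlisted processes that should be running but are not.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    path: str       # full executable path, not just the image name
    uptime_s: int   # seconds since the process started

# Constructed allowlist: executable path -> True if it must always be running.
ALLOWLIST = {
    r"C:\Windows\System32\svchost.exe": False,
    r"C:\SCADA\HMI\hmiserver.exe": True,
    r"C:\SCADA\Historian\historian.exe": True,
}

# Constructed snapshot of one host; the third entry reuses a trusted name from a temp path.
SNAPSHOT = [
    Proc(4012, r"C:\Windows\System32\svchost.exe", 86400),
    Proc(5120, r"C:\SCADA\HMI\hmiserver.exe", 86000),
    Proc(6644, r"C:\Users\operator\AppData\Local\Temp\svchost.exe", 7200),
]

def analyze(snapshot, allowlist):
    """Return (unlisted running processes, required paths that are not running)."""
    allowed = {path.lower(): required for path, required in allowlist.items()}
    running = {p.path.lower() for p in snapshot}
    unlisted = [p for p in snapshot if p.path.lower() not in allowed]
    missing = sorted(path for path, req in allowed.items() if req and path not in running)
    return unlisted, missing

def decide(unlisted, missing, terminate_unlisted=False):
    """Choose 'terminate' or 'alarm' per finding; alarm-only is the default policy here."""
    verb = "terminate" if terminate_unlisted else "alarm"
    actions = [(verb, p.pid, f"{p.path} not on allowlist, running {p.uptime_s}s") for p in unlisted]
    actions += [("alarm", None, f"{path} is required but not running") for path in missing]
    return actions

def act(actions, kill, notify):
    """Carry out each action through injected callbacks so the caller controls side effects."""
    for verb, pid, detail in actions:
        if verb == "terminate":
            kill(pid)
        notify(f"{verb.upper()}: {detail}")

if __name__ == "__main__":
    act(decide(*analyze(SNAPSHOT, ALLOWLIST)), kill=lambda pid: None, notify=print)
```

Matching on the full path rather than the process name is what separates the copy of svchost.exe in the temp directory from the one in System32.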
