Top 10 Windows 7 Vulnerabilities And Remediation Tips

Posted by UpGuard

Windows 7 Vulnerabilities

Upon its release, Windows 7 was hailed as "the most secure Windows ever"—true enough at the time, but its predecessor Windows Vista didn't exactly set a high bar security-wise.  Nonetheless, the updated OS shipped with literally hundreds of security changes and additions, addressing the needs of a more security-conscious home and business user base with features like AppLocker, BitLocker Drive Encryption technology, and more. Despite these improvements, Windows 7 has its own set of critical vulnerabilities—here are the top 11 on the list and how to fix them.

10. Driver Improper Interaction with Windows Kernel Vulnerability

CVE-2010-4398

By using a stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys, local users can gain privileges and bypass the User Account Control (UAC) feature through a specially crafted REG_BINARY value for a SystemDefaultEUDCFont registry key. 

9. Windows Fax Services Cover Page Editor Vulnerability

CVE-2010-4701

If you're still faxing, here's another reason to leave that remnant of the 80's behind: a heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 could allow remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. 

8. Win32k Improper Message Handling Vulnerability

CVE-2013-0008

Another kernal-mode vulnerability, this flaw also involves win32k.sys in the kernel-mode drivers. In this case, they do not properly handle window broadcast messages and could potentially allow local users to gain privileges through a specially crafted application.

7. Win32k.sys Elevation of Privilege Vulnerability

CVE-2014-4113

Windows 7's win32k.sys in kernel-mode drivers could enable local users to gain privileges through a specially crafted application.

6. Win32k Window Class Vulnerability

CVE-2010-2744

Windows 7's kernel-mode drivers improperly manage a window class, thereby allowing local users to gain privileges by creating a window and then (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed.

Top Windows 10 Vulnerabilities & How to Fix Them

5. Windows MFC Document Title Updating Buffer Overflow Vulnerability

CVE-2010-3227

This vulnerability involves the potential for stack-based buffer overflows in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library. Exploitation by attackers involves arbitrary code executed by way of a long window title, created at the request of the application by the library.

4. GDI Access Violation Vulnerability

CVE-2011-5046

Primarily a Windows API for displaying graphics, the Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers do not properly validate user-mode input. This could givr remote attackers the ability to execute arbitrary code or cause a memory corruption denial of service (DoS) with specially crafted data.

3. Windows OLE Remote Code Execution Vulnerability

CVE-2014-4114

Back in 2014, the so-called Sandworm made security headlines with its use of malicous Powerpoint files to install malware. Vulnerable Windows 7 installations could allow remote attackers to execute arbitrary code with a specially crafted OLE object in an Office document.

2. Insecure Library Loading Vulnerability

CVE-2010-3147

Windows Address Book (WAB) is a component that allows users to use a single list of contacts shared across multiple applications. Unfortunately, an untrusted search path vulnerability in wab.exe 6.00.2900.5512 in WAB could allow a local attacker to gain privileges via a Trojan horse wab32res.dll file in the current working directory.

1. Directory Traversal Elevation of Privilege Vulnerability

CVE-2015-0016

This directory traversal vulnerability in the Terminal Services component TSWbPrxy could allow a remote attacker to gain privileges with a specially crafted pathname in an executable file.

Microsoft ended mainstream support for Windows 7 back in January 2015, but as of this writing Windows 7 continues to command over 55% of the desktop OS market share. Don't let these vulnerabilities weaken your infrastructure's security posture—ScriptRock can scan your entire Windows environment for critical security flaws that most commonly lead to data breaches. Get started today, it's free for up to 10 nodes forever.

Free eBook: Secure Your Windows Environment

Source(s):

https://redmondmag.com/articles/2014/10/27/windows-7-sales-to-consumers.aspx?admgarea=BDNA

http://www.infoworld.com/article/2626907/endpoint-protection/the-ultimate-guide-to-windows-7-security.html

http://resources.infosecinstitute.com/windows-7-security-features/

https://nakedsecurity.sophos.com/2014/10/15/the-sandworm-malware-what-you-need-to-know/

https://www.techopedia.com/definition/24288/graphics-device-interface--gdi

http://www.pcmag.com/article2/0,2817,2475079,00.asp

Topics: security, Windows, vulnerabilities

UpGuard customers